back to article Conficker seizes city's hospital network

Staff at hospitals across Sheffield are battling a major computer worm outbreak after managers turned off Windows security updates for all 8,000 PCs on the vital network, The Register has learned. It's been confirmed that more than 800 computers have been infected with self-replicating Conficker code. Insiders at Sheffield …


This topic is closed for new posts.


  1. Anonymous Coward
    Anonymous Coward

    no individual ...

    "This decision was taken by the IT Change Advisory Board to prevent further disruption in theatres which could have affected patient care." No individual was responsible for the move, the Trust added.

    Well sack the lot of them then.

  2. lIsRT

    "No individual was resonsible for the move"

    "This decision was taken by the IT Change Advisory Board to prevent further disruption in theatres which could have affected patient care." No individual was responsible for the move, the Trust added.

    Clearly the IT Change Advisory Board is a borg-like entity, so perfectly assimilated that distinguishing its individual drones is now practically impossible.

    Sack 'em all (it?) then, obviously; if no-one is responsible, then everyone is.

    Also, shouldn't anything you need in an operating theatre be running one of the guaranteed, real-time scheduling, safety-critical OSs that things like aircraft use?

    Looks like some(one/thing) else is in need of being removed.

  3. Paul Uszak

    Let OS wars begin...

    Windows virus story? ...Linux ...Mac... begin.

  4. Anonymous Coward
    Anonymous Coward

    IT Change Advisory Board

    "This decision was taken by the IT Change Advisory Board to prevent further disruption in theatres which could have affected patient care." No individual was responsible for the move, the Trust added.

    Quick, Henry! The Flit!

  5. Anonymous Coward
    Jobs Horns


    MRSA and CDiff and now Configer, can UK Hospitals not get anything right ? Dont answer that.

  6. Phil Endecott

    Err, "WIndos for Operating Theatres"?

    > PCs in an operating theatre rebooted mid-surgery.

    Bloody hell. What on earth are they doing using Windows computers in an Operating Theatre???

    That is absolutely insane.

  7. Anonymous Coward
    Thumb Down

    Turning off Automatic Updates.

    This is pretty typical, and 100% understandable as the MS updates have a nasty habit of rebooting when they see fit. Switching it off is a fast and easy way of ensuring that your systems are up.

    Thank you MS for your totally shit update system.

    A better way, of course, would be to have the PCs update from a local (and thus controlled by the trust) source, but still denying auto-reboot. Chuck a message up to user, (so they can re-boot when safe); run audits and have an IT bod check the PCs that say they have not re-started for the updates to take effect.

    These problems are caused by the pathetic MS update system and semi-competent IT bods trying to work around the "we know best, you shall obey" attitude of MS. A machine reboot on a critical system could damage kit or, in the case of a hospital, kill someone.

    As for the committe; yes. Sack them. They are obviously, to a person, not competent.

  8. Jamie

    Can't believe it

    Why would you use Windows in a Situation Critical Environment like a Surgery Room?

    Honestly, you pick the best product for the scenario. Even MS know this as their Graphics Departmet (at least use to) are setup with Mac for graphic development.

  9. This post has been deleted by its author

  10. Jared Earle
    Thumb Down

    That's ok ...

    Surely all they need to do is roll out the redundant back up system and ... oh, wait.

    Muppets, the lot of them. That's what you get with a "lowest tender" system.

  11. umacf24

    October != December

    MS08-067 exploited by Conficker came out a bit late in October and they switched off the patching at the end of December .... so that's err more than nine weeks to patch?

  12. Anonymous John

    This isn't an anti-Microsoft rant, but

    this is their fault. It should be left to the user to decide when to reboot the computer after an automatic update.

    Having your PC reboot unexpectedly when left unattended, causes no end of problems.

  13. Anonymous Coward
    Anonymous Coward


    Surely any organisation that size should have a managed IT program, that includes

    wheeling out updates in a scheduled manner?

  14. myxiplx

    Incompetent on so many levels

    Dear god!

    You've first got utter stupidity on the part of the network managers: Computers in an Operating Theater should not be connected to the internet, especially if they're vital to the success of operations. And they should definately not be allowed to install updates unsupervised.

    But to then react to that by disabling security updates across your entire organisation? Somebody needs to be sacked here. It sounds like both the network staff and the management are utterly incompetent.

    I'm managing 100 computers here, without anything so critical as an operating theater, but I still have better policies in place than these jokers.

  15. Anonymous Coward

    The revolution is close at hand Comrades!

    The military machine is under threat!

    The medical infrastructure is close behind!

    We need to storm the Winter Palace, stand on the tables waving bits of paper at each other!

    All hail the penguin!

  16. Mike Crawshaw

    Not a problem

    We still use leeches in Sheffield, so a lack of computers ain't a problem....

  17. Jon

    WHY are these PCs connected to the Internet???!!!!

    PC in operating theatre... seems reasonable.

    Running Windows on it.... wouldn't be my first choice, but suitably locked-down it's reasonable, and has the benefit that people are familiar with the UI.

    Turning off automatic updates... also reasonable (albeit counter-intuitive). Testing changes is extremely important; and the PC should be locked-down enough that it's not going to get infected.

    Connecting life-critical PC in operating room to the internet... absolutely insane. Any life-critical PC should be air-gapped from the public internet.

    (Also, any PC with my medical records on should be air-gapped from the public internet - not that the NHS would ever bother doing that).

  18. David Edwards

    LIcence agreement

    Does not the windows licence screen say "dont use this in critical areas such as Operating theaters and Nuclier Subs?"

    I await an update on from the Royal Navy, assuming they are not at the bottom of the sea.

  19. Anonymous Coward
    Anonymous Coward


    > PCs in an operating theatre rebooted mid-surgery.

    Imagine waking up mid-surgery - bad enough in itself - to hear that dreaded tune 'do do do do' !

  20. Anonymous Coward


    Wait, some machines were playing up a bit, so they disabled *all* patching?

    WSUS is free, and you can auto assign patch groups through GP. Wouldn't have been a stretch to put the critical machines in one group that needs patches more stringently tested before rollout and stick the general ones to update as per normal?

    Anyone who can read TechNet articles can get WSUS running in an afternoon.

  21. Waderider


    umacf24 hits the nail on the head, the dates in the story don't make sense. I just checked my in-laws Vista machine and it received the update in the first half of November.

    I *want* to type things like 'use linux you fools', but of course if linux was more popular it would be as exploited, so I'd rather it stayed in the domain of the geek, server and netbook. And of course using Mav would make the NHS even more bankrupt........

  22. Adrian

    Operating Theatres?

    Why are these computers connected to a LAN with internet access. Surely anything critical, and in this case potentially life-threatening should be on a separate network?

    I worked for many years in the Space industry, and the operational machines (those which run the satellites) were on a physically separate LAN with absolutely no internet connection. PCs with the usual office apps and internet connections were on the development LAN.

    That would be too sensible in this case.

    @Paul Uszak: The operational machines are all Linux and Solaris, so no chance of a virus there ;)

  23. Thomas Silver badge

    A pure configuration problem?

    I'm pretty sure Windows has a "notify me when updates are available, don't automatically download and install them". That said, if they can find the ecosystem to support it then the NHS really should switch to Linux for simple budgetary reasons.

  24. Stuza

    Hasn't cost the public money?

    "The trust argued that the consequences of its decision making had not cost public money, "just time and effort by the IT teams"."

    Oh .... and I though that WE the public paid the IT staffs wages... I wonder who does then?

  25. André Marques

    @This isn't an anti-Microsoft rant, but

    Well, thing is, you CAN alter that! In fact, you can change that behaviour in all pcs at teh same time by using a Group Policy, you know, the same way they decided instead to TURN OFF THE UPDATES IN THE FIRST PLACE!

    +1 at firing all the IT Board.

  26. Anonymous Coward

    No cost?

    'The trust argued that the consequences of its decision making had not cost public money, "just time and effort by the IT teams".'

    All well and good, but that's time and effort that costs the trust wages, and means they can't be off doing something more useful instead. Time costs - even if you already employ the staff, there is still a cost - I'm sure the support guys weren't sitting around on their backsides doing nothing beforehand...

  27. Geoff Mackenzie

    Interestingly ...

    ... if you read the Windows license carefully, it actually states that you shouldn't use it where anybody's life is at stake. This probably doesn't apply to Windows for Warships and the like, but what are these people running? XP? So Microsoft warned them the system wasn't up to it (and in fairness, if I'm guessing right about the OS, the system wasn't designed to be up to this sort of job).

    Does nobody read the license agreement? Don't answer that.

    My gut reaction was actually to go on a Linux-recommending rant, but in fairness, although I do think Linux is pretty stable and a minimal configuration can be incredibly robust, there are probably better things to run in an operating theatre. It would still be preferrable to an OS that literally comes with a health warning though.

  28. Bruno Girin
    Thumb Down


    'The trust argued that the consequences of its decision making had not cost public money, "just time and effort by the IT teams".' Err... and with what money is the IT team paid? Public money presumably? I know IT staff are not paid that much these days but still.

    Also @Jon and others: they never said the theatre PCs were connected to the Internet nor that any of those were part of the 800 that are infected, they just said it was due to one of them that the decision to suspend automatic updates was taken. And remember that this virus can propagate through network shares, USB keys, etc. so depending on their network topology, you could very well have machines infected even though they have no Internet access: they just need to be connected to the network and they presumably are, at least indirectly, if they receive Windows updates.

  29. Anonymous Coward
    Anonymous Coward

    Operating Theatres

    I have worked in an OT environment for 7 years, and all the PCs used by our health trust run windows.

    What mystifies me is that the PCs rebooting caused a significant problem. The software used in our theatres is primarily a database to track operating lists, staff involved in operations, surgical implants used, operating times, serology and other investigation results, and the like - the vast majority of which is still recorded on paper as well.

    The only other application (and only recently introduced) has been the electronic viewing of X-rays and CT scans, with software to allow orthopaedic surgeons to plan the sizes of hip/shoulder/knee replacement implants pre-surgery.

    The temporary (over the span of even as much as an hour or so) unavailability of any of these systems is nothing more than slightly inconvenient. However, this is simply a snapshot of OT computer use in a single trust,. Sheffield may be using more involved and safety critical systems.

    Also, our IT department at least has the sense and decency to run planned maintenance and updates out of hours, and have the courtesy to email us and let us know in advance when and for how long the computers will be out of use.

  30. Loki
    Thumb Down

    You have to love comittees

    Its why they have committees. So nobody is to blame and they can keep taking their fat pay checks regardless of how badly they feck up.

    Its been proven time and again, if nobody is responsible for decisions then people do what they think is easiest for them.

    Was it President Eisenhower who had on his desk a sign saying: The buck stops here.

    Nothing wrong with Committees per se as advisory boards, but someone has to be decision maker and put their balls on the line.

    Still, sounds like one major SNAFU. Auto-rebooting computers... shouldnt happen anywhere these days.

  31. Anonymous Coward

    Group Policy and WSUS

    I can't believe no one here has said this yet but every single aspect of Windows Update that you can think of is configured using Group Policy and WSUS and is exactly what an organisation of this size should be using and I'm sure they were (though perhaps the Automatic Reboot setting wasn't ideal for the operating theatre PC's, pro's and con's of using Windows in a theatre aside.

    It sounds to me as though the Anonymous person quoted in the article suggested to his boss that operating theatre computers be assigned to their own WSUS / Group Policy groups so they can be configured differently. His computer illiterate boss who one assumes is pally with a rather miffed surgeon overruled this decision. I think this man is where the focus should be.

  32. Chris Byers

    Please don't blame the techies (yet)

    Blaming the network staff here is a little premature I think. Many times the advice of network managers and other IT staff is ignored and it is very possible the 'IT Change Advisory Board' has no one with any technical experience at all, or the senior IT bods on the panel are so out of date to be next to useless when forming any kind of sensible decision.

    Please don't blame the techies. Chances are they know exactly what they need to do and how to do it. Unfortunately the 'customer' and management may be getting in the way here I suspect.

  33. Anonymous Coward
    Thumb Down

    @AC - No cost?

    not to mention that I doubt "external anti-virus specialists", called in to work on an emergency, will do doing so free of charge...

  34. Anonymous Coward

    "IT Manager" -- orly?

    Sack the clueless cunt. As others have said, the fucking exploit was announced waaaaay before December and it's just piss-poor admin policy if the fucking things are set on the default "check for updates smack-bang in the middle of the working day" policy and have them internet-capable and not on a segregated LAN with its own update server...


  35. robert

    How many times does this sort of thing have to happen...

    before people will learn not to use Windows crapware.

    There are better alternatives and as soon as people start using them they will get even better.

  36. Anonymous Coward
    Anonymous Coward


    Perhaps if they setup the Update Services correctly they would not have had to disable it.

  37. Anonymous Coward
    Anonymous Coward

    Who said anything about the Internet?

    Some dumb comments on here - this worm spreads on a network internally via network shares, no access to the Internets required. It might have got onto the network via USB flash drive.

    Also, the surgery could have been taking place at 3am - this is the default setting for automatic updates to be applied. You've got to keep it simple - yes WSUS & GP allows you to configure everything but changing defaults around for the sake of it isn't a good idea. No doubt lesson learned - the hard way. Feel sorry for the IT bods at the bottom dealing with it.

  38. Anonymous Coward


    Where I work, we don't deal with anything as important as a machine in an operating theatre, but even we implement Windows updates using WSUS and if anything is mission critical we only update it manually when we can safely take it off line.

    It's not rocket science!

  39. Anonymous Coward


    This is one of the most ridiculous things I've ever heard.

    Group policy combined with WSUS has all the options you need to control updates, stop machines automatically installing or rebooting!

  40. Anonymous Coward

    In a critical area doesn't mean the computer is safety critical

    Why is everyone assuming that just because a computer is in an Operating Theatre it means that it must be running mission critical tasks?

    The article says nothing about what it was actually doing and for all we know it could have just held the surgeon's mp3 collection! It's fairly safe to say that it's not running anything on the life support side as it's likely that we'd have heard about the resulting deaths along with an amusing Register headline like "Blue Screen of Death" or something.

    Having said that, what an absolutely crazy decision to turn of ALL updates! As has been said by others, it's not like WSUS is a difficult one to set up!

  41. N Silver badge

    PCs in an operating theatre?

    Do I read this right, or has the NHS along with the dim wits that run its IT gone insane?

    So, if I ever have to go into hospital, not only do I take my own cleaning stuff & so on but a computer as well, just in case the one in use croaks


  42. Mungo
    Paris Hilton

    Oh we go again.....

    You just cant help yourself can you. You just dont get it!!!!!

    If each and every one of you beardy-wierdy, tank-top abusing, sandal wearing, penguin loving freaks of nature wrote as many lines of code for linux apps as you do lines of abuse found here and in other comment areas and blogs then the world would be run completely by linux.

    You slag off the fact that there is a windows PC in the theatre. Its not there to run OpenOffice or pick up some fucking email. The reason a windows PC is in there is because the application THEY want to run isn't available in Open Source or Linux. Why isn't it available? Because you usless fuckers are patrolling comment areas and blogs ready to troll windows failures instead of looking to improve Open Source application availability and properly compete in the market.


    Paris because even she knows a single opensource app does not fulfill the requirement of an entire market sector.

  43. Ed Blackshaw Silver badge

    For automatic updates to reboot a computer

    it would surely have to be connected to t'internet. This somewhat beggars the question, WTF is a computer in an operating theatre, presumably which performs some critical function towards the surgery (otherwise what is it doing there) connected the the internet? Surely any machine performing a critical life support function in a hospital should be in an isolated environment, in which case it wouldn't need updates anyway?

  44. TerryG
    Thumb Down

    Patch management?

    Why was an organisation of this size relying on automatic updates to patch their machines? There are enough patch management systems out there to control the rollout of updates to PCs that don't rely on the vagaries of a random download and reboot. Even WSUS could've handled the theatre PCs as a special case and that's a free download from MS.

    This isn't a Windows problem so much as a management issue. Put this shower of monkeys in charge of a Linux installation and they'd still screw it up.

  45. Bassey

    The trust are talking crap

    None of this adds up to a problem with Microsoft. It all adds up to a problem with management not having a clue what they are doing. For a start, despite comments from the usual Mac and Linux retards above, Operating Theatre PC's running windows are not running anything important. They don't run life support systems or any of that crap so the PC's rebooting would have been a minor inconvenience, not life threatening.

    Secondly, why were the PC's all left to update themselves? There is no good reason for 90% of these PCs to be on the Internet in the first place and, in any case, it's appalling bad management to let them update themselves. Updates should be being pushed out from a central location in a controlled manner and at a specified time. Even then, it can be configured so that the user is ASKED if they want to reboot now or later.

    And lastly, as pointed out above, the patches were released in October but update wasn't turned off until December. So, someone, somewhere, is telling big fat lies to cover their arse..

    So this is a case of management not knowing Jack Shit and making crap up to cover themselves. The Linux and Mac retards who clearly didn't bother reading the article before hitting the button they have set up to post "Ha ha, Windows failed, Linux/Mac rules" can all crawl back under their rocks now.

    NHS in huge management fuck-up is hardly a news story is it?

  46. Anonymous Coward

    Time for SEI CMMI for IT?

    I'd think a hospital would be Level V.

  47. Anonymous Coward
    Thumb Up

    From Sheffield, quote of the week

    "Don't you just hate it when your boss is so computer illiterate yet has the power to veto the simplest of ideas to catastrophic end"

    Immaculately phrased.

  48. Conrad Longmore

    Patches? We don't need no stinking patches.

    Patching is the optimum solution (and for the vast majority of PCs on desks it is the only sensible one). But in the case of Conficker, any decent AV program should have stopped it. Alternatively, a product such as eEye Blink can provide effective endpoint protection without really needing patches at all.

    HOWEVER - Conficker is a tricky beast. If someone logs onto an infected machine with Domain Admin rights then it's pretty much game over, even if you have the patches installed. You cannot rely on patching alone.

  49. Duncan Hothersall

    @ Mungo

    Alright sunshine, what app was it that was so mission-critical in the operating theatre that they had an internet-connected PC running Windows to enable it to be run? Name the app, or withdraw your shitty, wrongheaded diatribe.

  50. Anonymous Coward
    Thumb Down

    Linuxtards find another excuse to strike

    It's not the OS that's at fault here, it's the mis-management that allowed a) the machines not to be properly locked down, b) system updates to be slapped on in what seems to be an uncontrolled manner, c) an ill-considered response to some objections to a small number of these updates to cause an even bigger outage!

    The problem exists between keyboard and chair...


This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021