blog Regular readers will recall that in late January, Royal Melbourne Hospital was forced to admit that many of its systems had been taken down by a Windows XP virus. I personally felt as though I had been thrust into a time warp in reporting this story, taken back to the years about a decade ago where it was actually a recurring trend that computer viruses would take down major corporations for weeks at a time.
Well, as it turns out, two weeks on, the hospital still has not quite got control of the IT infection. According to ZDNet (we recommend you click here for the full article), the virus continues to “mutate” and is still causing havoc:
“We had one day in the last week where the virus mutated six times,” Melbourne Health chair Robert Doyle told 3AW on Tuesday. “We are down to quite small outbreaks now but we are trying to stop it talking across computers.”
A lot of people — including myself — have commented on sites like Delimiter arguing that this kind of issue is related to Windows XP itself. Surely, many people feel, Royal Melbourne Hospital should have upgraded its Windows XP installations by now, to something more secure and modern.
However, upon reflection, what this story actually shows us is that IT security is not so much a matter of using a specific platform, such as a more modern version of Windows, or a specific security software suite. It is an overall philosophy, a process that needs to be continually in motion to deal with evolving threats.
After all, the Qbot virus doesn’t just attack Windows XP — it also attacks other versions of Windows, such as Windows 7. And the version that Royal Melbourne Hospital is grappling with is also a new version of the virus.
The reality is that malware will continue to evolve, and that the IT industry will see countless new variants over many years. I suspect that the problems we’re seeing at the Royal Melbourne Hospital will not be the only such issues we see over the next few years, even in organisations with much more modern IT platforms underpinning their operations. Security software has gotten smarter, but so has malware — and it will continue to evolve and grow more sophisticated.
The Royal Melbourne Hospital incident should probably serve as a wake-up call to the rest of us: Re-examine and update your IT security strategy now: Before it’s too late.