Dedicated to providing the latest
HIPAA compliance news

Health System’s Network Taken out by Qbot Malware

Share this article on:

Royal Melbourne Hospital’s pathology department’s network was taken down this week by a new variant of Qbot malware, highlighting the damage that can result from tardy software upgrades and patch installations.

Microsoft stopped issuing patches for Windows XP in April 2014, leaving the operating system prone to attack. There were fears that as soon as the patches stopped being issued a wave of cyberattacks via zero-day exploits would follow. Those attacks failed to materialize, but any system running the defunct operating system was left vulnerable when support was retired.

The decision to keep using Windows XP rather than upgrading has proved extremely costly for Royal Melbourne Hospital’s pathology department. A zero-day vulnerability in XP was exploited resulted in the hospital’s pathology department network being infected with malware, taking the network out of action. The malware also attacks Windows 7 machines and a number of XP and Windows 7 machines were infected. With the network taken down, the hospital’s pathology department was forced to manually process urine and blood tissue samples.

Qbot malware was first discovered in 2009. The malware attacks systems in a number of ways. It acts as a keylogger and password stealer, and once installed on a machine will log and send data to the hacker’s command and control servers. Qbot malware also adds infected machines to a botnet and is capable of performing remote FTP commands. The latest variant also kills computers running Microsoft XP.

The hospital’s IT department has now managed to contain the infection and has rid most of its computers of the malware by reimaging the machines. The hospital’s IT department must check the hundreds of computers and applications to ensure that all traces of the malware have been eradicated. That process could take weeks to complete.

Royal Melbourne Hospital was in the process of upgrading the software on all of its machines, but since many applications and older equipment required XP to run and would not work on newer versions of Windows, this was not a quick and simple task. Only 2200 out of some 4,000 machines had been upgraded when the malware struck.

The Windows XP upgrades have now been fast-tracked to prevent future malware infections and antivirus solutions changed to stop the infection. However, the hospital may not be out of the woods yet. The decision was taken to upgrade from XP to Windows 7, which is also unsupported. Microsoft stopped supporting Windows 7 on January 13, 2015., leaving that operating system also vulnerable to zero-day exploits. The decision to ease the cultural change that accompanies any new system upgrade by upgrading to Windows 7 could well prove to be extremely ill advised.

The malware attack highlights the importance of being prepared for system upgrades. Microsoft does not stop support for its systems overnight and gives plenty of notice. This is just as well. The work involved in updating applications can be considerable and can take many months to complete. System upgrade planning must therefore commence as soon as announcements are made that support will be withdrawn.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On