[j.blackbird]

I'm not looking for solutions only opinions on a situation at work.

I work in a department at a teaching hospital that uses primarily an EMR (electronic medical record). We used to use Novell for networking but have recently migrated to Windows.

Which is fine I guess if it wasnt for the massive outbreak of malware we have been experiencing - tons of backdoor trojans, worms, etc. for example, it is going on two months since the oh-so-wonderful qakbot worm made its first appearance and has been followed by the ircbot...worse thing is, they just keep multiplying oddly enough.

I say oddly enough because we have Symantec Corp. Edition protection that is "somewhat" catching the malware and I.S. which has been more than aware of the problem. My guess is is that they stopped these nasty little bugs from communicating or actually logging anything but im not so sure.

so here is my question up for debate - I.S. is basically stating that although the malware is still being found on all of the computers and consistently replicating itself - that it is BASICALLY HARMLESS.

confused? because i know i am.

whats your opinion on this? I;m interested to know.

[Advertisements]

if they have isolated the infection to a specific virus/malware/whatever and they are 100% sure that that's the ONLY thing on the machines and they're 100% sure that they know EXACTLY which variant they're dealing with, they can lock down the firewall to block it's outbound traffic...so it's theoretically possible that everything is ok... HOWEVER that's a lot of ifs, and they all revolve around 100% assurance of the environment. for every 1 known infection there are probably at least 2 or 3 that come along with it for the ride that don't show up as easy or aren't detected by the AV...

i used to work in a hospital and we did EMR stuff as well (full electronic charting et al) and our IT group had the knowledge/forethought to completely segregate that network from the outside world....it was COMPLETELY internal, there was a "bridge" that would connect the internal network through a DMZ out to a "publicly" accessible server (not public as in any joe schmoe could get into it, but public in that doctors could access it via the internet through a VPN tunnel) for outside access

why anyone would allow direct external access (i.e. the ability to get to the internet) from this EMR system is beyond me. with something that important users shouldn't be able to browse the internet from those machines

[dsenette]

if they have isolated the infection to a specific virus/malware/whatever and they are 100% sure that that's the ONLY thing on the machines and they're 100% sure that they know EXACTLY which variant they're dealing with, they can lock down the firewall to block it's outbound traffic...so it's theoretically possible that everything is ok... HOWEVER that's a lot of ifs, and they all revolve around 100% assurance of the environment. for every 1 known infection there are probably at least 2 or 3 that come along with it for the ride that don't show up as easy or aren't detected by the AV...

i used to work in a hospital and we did EMR stuff as well (full electronic charting et al) and our IT group had the knowledge/forethought to completely segregate that network from the outside world....it was COMPLETELY internal, there was a "bridge" that would connect the internal network through a DMZ out to a "publicly" accessible server (not public as in any joe schmoe could get into it, but public in that doctors could access it via the internet through a VPN tunnel) for outside access

why anyone would allow direct external access (i.e. the ability to get to the internet) from this EMR system is beyond me. with something that important users shouldn't be able to browse the internet from those machines

[j.blackbird]

if they have isolated the infection to a specific virus/malware/whatever and they are 100% sure that that's the ONLY thing on the machines and they're 100% sure that they know EXACTLY which variant they're dealing with, they can lock down the firewall to block it's outbound traffic...so it's theoretically possible that everything is ok... HOWEVER that's a lot of ifs, and they all revolve around 100% assurance of the environment. for every 1 known infection there are probably at least 2 or 3 that come along with it for the ride that don't show up as easy or aren't detected by the AV...

i used to work in a hospital and we did EMR stuff as well (full electronic charting et al) and our IT group had the knowledge/forethought to completely segregate that network from the outside world....it was COMPLETELY internal, there was a "bridge" that would connect the internal network through a DMZ out to a "publicly" accessible server (not public as in any joe schmoe could get into it, but public in that doctors could access it via the internet through a VPN tunnel) for outside access

why anyone would allow direct external access (i.e. the ability to get to the internet) from this EMR system is beyond me. with something that important users shouldn't be able to browse the internet from those machines

yes, i feel the same way. I ask because i dont know everything there is to know about malware and the possible security measures big corporations can take to protect sensitive information.

from what i have heard the main issue was when they moved from Novell to Windows and from groupwise to Outlook.

:sigh: i worry often about the protection of all the sensitive data i work with. I agree with how it should be set up. at the moment, i am just keeping a documentation log of all the clean up i do on a daily basis of my work computer in hopes that i can send to my administrator and escalate this up the chain of command to at least try to keep our department segregated and safe.

i think that this is a huge issue for huge companies that are trying to make due with small IT teams - the resource availability and man power simply isn't there. you can have a handful of brilliant It experts but when you are dealing with a network that includes five major teaching hospitals...well its just not going to work.

[chamber]

More than likely Norton is missing the actual loader for the infection, which means that no matter how much it gets cleaned it will just keep popping back in there.

[dsenette]

if they have isolated the infection to a specific virus/malware/whatever and they are 100% sure that that's the ONLY thing on the machines and they're 100% sure that they know EXACTLY which variant they're dealing with, they can lock down the firewall to block it's outbound traffic...so it's theoretically possible that everything is ok... HOWEVER that's a lot of ifs, and they all revolve around 100% assurance of the environment. for every 1 known infection there are probably at least 2 or 3 that come along with it for the ride that don't show up as easy or aren't detected by the AV...

i used to work in a hospital and we did EMR stuff as well (full electronic charting et al) and our IT group had the knowledge/forethought to completely segregate that network from the outside world....it was COMPLETELY internal, there was a "bridge" that would connect the internal network through a DMZ out to a "publicly" accessible server (not public as in any joe schmoe could get into it, but public in that doctors could access it via the internet through a VPN tunnel) for outside access

why anyone would allow direct external access (i.e. the ability to get to the internet) from this EMR system is beyond me. with something that important users shouldn't be able to browse the internet from those machines

yes, i feel the same way. I ask because i dont know everything there is to know about malware and the possible security measures big corporations can take to protect sensitive information.

from what i have heard the main issue was when they moved from Novell to Windows and from groupwise to Outlook.

:sigh: i worry often about the protection of all the sensitive data i work with. I agree with how it should be set up. at the moment, i am just keeping a documentation log of all the clean up i do on a daily basis of my work computer in hopes that i can send to my administrator and escalate this up the chain of command to at least try to keep our department segregated and safe.

i think that this is a huge issue for huge companies that are trying to make due with small IT teams - the resource availability and man power simply isn't there. you can have a handful of brilliant It experts but when you are dealing with a network that includes five major teaching hospitals...well its just not going to work.

well that's the issue....hospitals are a different animal. they've been working the same way for 100's of years and they don't change very easy. and now they're all running to jump on the electronic band wagon, while still taking a hospital mentality to it all...which means the IT staff is almost always understaffed and in most cases undereducated (and underpaid)....it leads to issues

[anzenketh]

What is sad is that this type of thing is happening in a lot of places.

I would be very persistent on this matter and suggests a plan of action to your superiors. Who knows you might get a promotion from it. If I was part of this hospital I would not feel safe giving them the information that they need to do their job.