Viral attacks at two Scottish hospitals may have been caused by a limited security focus.

Alan Bentley, vice president of the strategic business unit of vulnerability management at Lumension, claimed that although the strain of malware involved in the attack is yet to be identified, the Mytob virus is entirely avoidable.

entley said: “In the past few months, attention has been focused on data protection and the control or management of removable devices such as USB sticks. However, the integrity of operations is still important and should not be overlooked.


“The re-emergence of known viruses or mutated versions is a continuing problem for anti-virus technologies. Each endpoint or server must have the correct signature in order to prevent the viruses causing a problem.


“A better way to manage this situation is to have an environment where you only allow applications that you have approved to execute – that means you would have to authorise a virus to work on your network. This approach removes the technology and human failure rate by always defaulting to a ‘known good' rather than trying to manage a ‘known bad'.”

He also recommended employing a good vulnerability management solution to ensure that a network is protected. He said: “While this type of problem is becoming increasingly common, it can be easily managed by restricting which applications can execute on an endpoint or server, with the use of application control.”