Calls could be made for a review of NHS security policy after three London hospitals were hit by the Mytob worm.


A spokesman said well-rehearsed emergency procedures were in place and that the virus was ‘not malicious’, and the infection was ‘self-contained’.

However, David Harley, director of malware intelligence at ESET, claimed that an urgent review of the NHS security policy may not be enough. He admitted that a review would not do any harm but asked how so many systems were apparently compromised.


Harley said: “Unless the infrastructure has changed dramatically in the last two and a half years, much NHS email goes through a mail service currently called NHSmail.


“NHSmail was intended to replace the relay services that carried the bulk of NHS email at the beginning of this decade. The current service is defended by ‘cutting edge’ anti-virus and anti-spam, and that protection was supposed to have been extended to the relay services several years ago.


“So, there is certainly a question to be asked about the state of the Trust's own email defences. I have to wonder, though, how email-borne malware can apparently still get through to an NHS site as easily as it could earlier in the decade, when email services were far more fragmented and decentralised?”