Sheffield Teaching Hospitals Foundation Trust confirmed that around 800 computers have been infected with self-replicating Conficker code. Insiders at the trust said they suspect many more machines are affected but have not been reported to IT, reports The Register.
The trust said it now has the outbreak under control and is engaged in "clearing up" remnants. Non-urgent appointments in the medical imaging department had to be cancelled while its computers were disinfected. A trust spokesperson said it did not know of any other direct impact on patient care.
The decision to disable automatic security updates was taken during Christmas week after PCs in an operating theatre rebooted mid-surgery. The Conficker malware was detected on December 29.
David Whitham, the trust's informatics director, said: "We cannot be certain how the virus entered the network but at around the same time as the virus became evident the automatic Microsoft update process had been temporarily disabled following problems with some PCs providing supporting information in theatres.
"This decision was taken by the IT Change Advisory Board to prevent further disruption in theatres. The virus has now been contained and our IT team have been working very closely with external anti virus specialists to update PCs and remove the last remnants of the virus from the network to limit the chances of a repeat infection," he added.
People close to the incident criticised the management decision to disable updates across the entire network rather than only where the reboots caused a problem. "Don't you just hate it when your boss is so computer illiterate yet has the power to veto the simplest of ideas to catastrophic end," said one, who asked to remain anonymous.
In internal emails seen by The Register, staff were warned not to make details of the outbreak public. "Please note that this incident could over the next few days attract outside interest from the press... If you are at any time approached by anyone to give information relating to the current problem then please refer them to me in the first instance," IT services manager Carol Hudson wrote.
The trust argued that the consequences of its decision making had not cost public money, "just time and effort by the internal IT teams". It added: "A lot of lessons have been learned during the outbreak and they are being fully documented and discussed to prevent a repeat."
A Conficker outbreak is also affecting the Ministry of Defence. It is thought the worm acts to make infected machines vulnerable to further malware and harvests private information, though experts have warned its full purpose may not have been revealed yet.
Microsoft released a patch for Conficker in October, so updated machines should be unaffected. Until late December, Sheffield Teaching Hospitals had a policy in place that would apply security updates across its network a few weeks after the patch release, and enforce a reboot.
;
