Hospital Equipment Infected with Conficker

Dennis Faas's picture

Recently, the Conficker/Downadup worm infected several hundred machines and critical medical equipment in an undisclosed number of U.S. hospitals.

The attacks were not widespread; however, Marcus Sachs, director of the SANS Internet Storm Center, told CNET News that it raises the awareness of what we would do if there were millions of computers infected in hospitals or in critical infrastructure locations.

It's not clear how the devices (including heart monitors, MRI machines and PCs) got infected. Infected computers were running Windows NT and Windows 2000 in a local area network (LAN) that wasn't supposed to be Internet accessible, but the LAN was connected to one with direct Internet access. (Source:

A patch was released by Microsoft last October by November that fixes the problem, but the computers infected were reportedly too old to be patched.

U.K. Hospitals Infected with Conficker in January

This past January, The Register U.K. reported that hospitals in Sheffield were found to be infected with the Conficker/Downadup worm.

The infections illustrate dangers that can arise from connecting critical networks, such as those in hospitals and in SCADA (Supervisory Control and Data Acquisition) systems used by utility companies and other critical infrastructure providers that are networked and configured to connect to the Internet.

For years SCADA systems were separated from public networks, but not anymore. More utility companies use remote access and other Internet-based technologies to give their workers access to the control systems when they're not in the plant to cut costs.

So far no evidence of compromised computers leading to a disruption of service has been found, but the potential exists.

Texas Dept of Public Safety Computers Infected

A recent report from says that the Texas Department of Public Safety (DPS) was also infected by the Conficker/Downadup worm on April 17, 2009. (Source:

The infection prevented approximately 2,000 state troopers from sending emails from their DPS computers and disrupted the issuance of Texas drivers licenses. The attack seemed to have affected DPS computers state wide.

Estimated Economic Cost of Conficker: $9.1 billion

A recent report from the Cyber Secure Institute claims that the economic loss due to the Conficker/Downadup worm could be as high as $9.1 billion based on their previous studies into the average cost of such malware attacks. (Source:

That estimate may actually be low, since it considered only a limited infection rate (200,000 infected hosts) and the Conficker/Downadup worm is still active. The most recent estimate of computers infected with the Conficker/Downadup worm is 3.5 million.

Visit Bill's Links and More for more great tips, just like this one!

Rate this article: 
No votes yet