Malware disables ambulance response systems

An unspecified malware variant recently disabled the automated response systems of a New Zealand-based ambulance service.

The service – which provides 90% of the emergency and non-emergency ambulances in the country – was forced to manually allocate the rescue vehicles over a 24-hour period.

“Anti-virus software protected the systems but as a result of the virus it impacted on some of the systems services, mainly those related to paging and radio,” Alan Goudge, communications operations manager for the St John Ambulance, confirmed.

“Back-up systems immediately took over when it was detected and the workload was managed manually.”

Although the malware did not seem to specifically target the ambulance service, the incident is obviously not the first time a medical entity has been affected by viruses or worms.

As Sophos security expert Graham Cluley notes, the Mytob worm hit a number of London hospitals in 2008, while the Northwest Hospital and Medical Center in north Seattle was affected by a 2005 attack which shut down computers in the facility’s intensive care unit and prevented pagers from working properly.

A 21-year-old man was ultimately sentenced to three years in prison and fined a quarter of a million dollars in connection with the Seattle case.

“The fact is that malware often doesn’t discriminate between who its victims might be. Whether you’re running a computer in your spare bedroom, or operating critical systems in a medical environment, your PC may still be at risk,” said Cluley.

“Anyone who still thinks that virus-writing is ‘mostly harmless’ and only really impacts the foolish who don’t have backups, should consider what the possible consequences of taking down the systems of an ambulance emergency service might mean.”