Advertisement
AlertSubscribe to Email Alert
American Medical News

American Medical News

 
BUSINESS

Preventive medicine key, even for computer viruses

The recent outbreak of Internet viruses shows how heavily some doctors depend on computers and e-mail, and the importance of protecting those business tools.

By Tyler Chin, amednews staff. Sept. 15, 2003.

  • PRINT|
  • E-MAIL|
  • RESPOND|
  • REPRINTS|
  • Share SHARE Share
  •  

Since mid-August, William C. Miller, MD, a solo internist in Cincinnati, has been deleting hundreds of e-mails flooding his inbox because of Sobig.F, one of several "worms" unknown writers of computer viruses unleash on the Internet daily.

"My computer was not infected, but I clearly was affected," Dr. Miller said. At the peak of the virus he received about 500 e-mails per day, five times the usual traffic. "It's easy enough to delete them; it's just a darn nuisance."

Thanks to up-to-date anti-virus software and other computer security practices, Dr. Miller escaped relatively unscathed. But other computer users worldwide weren't as fortunate, underscoring how crucial it is for physicians to take steps to keep viruses from bringing their computer networks -- and practices -- to a grinding halt, physicians and computer security experts say.

"Corporate America and this whole country rely heavily on e-mail, the Internet and computer networks," said Daniel Z. Sands, MD, MPH, an internist and clinical systems integration architect at Beth Israel Deaconess Medical Center in Boston. "It's important, obviously, that we use good, safe computing techniques."

The threat that hacker-created viruses pose will only grow worse. Even if you escaped damage from the trio of Internet worms that felled scores of computer networks worldwide last month -- Blaster, Nachi and Sobig.F -- you may not be safe. Another variant of Sobig.F was expected to strike after Sept. 10, the date the creator of Sobig.F set for the virus to time out. And, that new variant is hardly the only immediate threat computer users face, said Kevin Haley, group product manager for the security response team at Symantec Corp., an anti-virus software company that detects 600 to 700 new computer viruses monthly on the Internet.

Commercial anti-virus and firewall software thwarts most of those viruses. But a few will -- and do -- evade the products' safeguards.

The Sobig.F worm infected 2 million computers in 2 weeks.

From Aug. 19 to Sept. 2, Sobig.F infected about 1.9 million PCs worldwide, including 862,000 in the United States, according to the Web site of Trend Micro Inc., a Tokyo-based anti-virus software maker. Over a two- to three-week period ending Sept. 2, Nachi and Blaster infected about 70,000 and 64,000 PCs worldwide, respectively.

"We will get better at catching them, but there will always be people who will be working very hard at the same time to come up with new ways to defeat the security measures we come up with," Haley said.

Viruses are often hidden in e-mail attachments. They also can be hidden in spam, the unsolicited e-mail that makes up half of the daily Internet traffic, according to Brightmail, a San Francisco-based anti-spam software firm.

Know what you're opening

That is why Dr. Miller in Cincinnati is vigilant about protecting his computer network.

"Number one, I make it a point of not opening e-mail that looks like spam because some of these worms, viruses and whatnot infect computers just as soon as you open e-mail, not the attachment," Dr. Miller said. "The other thing is I don't ever open attachments unless I know exactly where it came from."

Viruses are often hidden in e-mail attachments.

He also buys anti-virus software every two years, downloads new virus definitions weekly from the Web site of his anti-virus software vendor and downloads critical software security updates from Microsoft Corp.'s site every two weeks.

Daniel Griffin, MD, a solo internist in Fort Collins, Colo., takes similar precautions. But they weren't enough to keep Blaster from infecting one of his computers. After a warning popped up on his screen, he immediately called an information technology professional.

Luckily, Dr. Griffin got the warning, and help, early enough so that the rest of his computer network was spared. He suspects the virus infected his computer after he opened an e-mail attachment from a patient.

Although he experienced little problem from Blaster, two years ago, after a lapse in updating his anti-virus software, another infection forced him to shut down his network for several hours. That virus made copies of the Microsoft Excel spreadsheets containing his practice's financials and e-mailed it to everyone in his Microsoft Outlook address book, Dr. Griffin said.

Despite those experiences, he continues to communicate with patients via e-mail, saying the technology is reliable and it reduces the volume of telephone calls. In fact, some patients came to him specifically because, unlike their previous doctors, he is accessible via e-mail, Dr. Griffin said.

Viruses are a concern, he said, "and even more of an issue if you think about a practice like mine where we're completely computerized. But in my situation, if I went back and stopped using e-mail, I might be seeing one less patient a day, which as a week or a month goes by is easily enough to pay for the new anti-virus program or the information technology guy."

Another checkpoint

To make sure he doesn't miss important e-mail, he tells patients to call if they haven't received a response within 24 hours, Dr. Griffin said.

That's a habit Steven Arendt, MD, a family physician at Covington (Wash.) Primary Care, a seven-doctor practice owned by Valley Medical Center, appreciates.

"If you're going to use e-mail, viruses are just the reality of it," said Dr. Arendt, who chairs the AMA's e-Medicine Advisory Committee and e-mails patients. "That makes it even more important to set up the expectations with your patients ahead of time, as far as response time and limitations of e-mail."

Back to top


 ADDITIONAL INFORMATION: 

Some ways to reduce your virus risk

  • Install anti-virus and firewall software and keep it updated.
  • Download virus definitions periodically. Some anti-virus software products do that automatically or prompt you.
  • Periodically download the critical "patches" -- fixes to plug security holes in software -- that Microsoft Corp. posts on its Web site.
  • Delete suspect and junk e-mail from your in-box. Virus creators and spammers attempt to trick you into opening e-mails and attachments by making it appear as if they were sent by someone you know and by writing phrases such as "your request," "thank you" and "hello" in the subject line. They also use characters and symbols in the subject line in an attempt to bypass anti-spam software used by major Internet service providers.
  • Don't open e-mail attachments you aren't expecting. Don't open files that have .exe, .pif or .scr extensions.
  • Shut down unused "ports." Network access points, which allow users to access applications remotely, also can offer hackers entry.
  • Back up your data daily.

If a virus still infects your computer

  • Check the Web sites of Microsoft and your security software vendor for detailed instructions on how to remove the bug and download up-to-date anti-virus software.
  • Call your information technology support expert.

Back to top


Automatic fix

Microsoft Corp. is considering including a feature in all its operating systems that would allow users to configure their computer to automatically download patches or security fixes. At press time, that feature was available only on Windows XP:

  • Click Start, and then click Control Panel.
  • Click Performance and Maintenance. If that category is not available, click Switch to Category View.
  • Click System.
  • On the Automatic Updates tab, check the box for Keep my computer up to date.
  • Check Automatically download the updates and install them on the schedule that I specify.
  • Select day and time for the computer to install the updates.
  • Save your work because some updates require you to reboot the computer.

Back to top


Some types of viruses

Blended threat: Combination of techniques associated with different viruses.

Virus: A program or piece of software code that generally requires action by a computer user to spread among computers.

Trojan horse: Malicious code often hidden in e-mail attachments that, once activated, can be used by hackers to steal or destroy programs, computer files and personal information. Also can be used to create a "back door" that lets hackers control your computer.

Worm: A type of virus that replicates itself via e-mail without any action by the user. Last month, three "worms" wreaked havoc on computer networks worldwide:

  • Blaster, MSBlast or Lovsan exploits a specific vulnerability in some Windows operating systems. Once the worm infects a computer, it uses the Internet to find and attack other computers with the same security weakness.
  • Nachi or Welchia searches the Internet for computers that have the same vulnerability Blaster exploits so it can download a patch, which then overloads computer networks and causes them to crash.
  • SoBig.F is a mass e-mail worm that hijacks a computer user's e-mail address and sends a flood of messages to everyone in the address book.

Back to top


Wormy computers

A trio of Internet viruses wormed their way into almost 2 million PCs around the world from mid-August through Sept. 2.

Virus/worm  Worldwide  United States
Sobig.F1,856,631862,016
Nachi70,05231,140
Blaster63,82112,327

Source: Trend Micro Inc.

Back to top


Patients know how, when to use e-mail

Patients who e-mail physicians usually ask questions about ongoing medical care rather than new problems, according to a recent study by Medem.

A random sampling of 2,000 e-mails transmitted over Medem during a two-month period showed that patients are using e-mail appropriately, said Edward Fotsch, MD, the company's CEO. Medem, a San Francisco-based secure messaging company, is owned partly by the AMA.

Half of the e-mails, which were stripped of identifiable data before being examined, fell into the category of general physician office secure e-mail for prescription refills, appointment requests and other administrative issues; the remainder were online consultations.

The study's finding suggests that physicians who make themselves accessible to patients via e-mail will not be bombarded by patients asking to be treated online for new problems or forwarding jokes, Dr. Fotsch said.

The study also found that women sent 90% of the e-mails. "Certainly when you're talking about chronic conditions or ongoing care, women are driving the bus," Dr. Fotsch said.

Back to top


Copyright 2003 American Medical Association. All rights reserved.
 
Advertisement