I came across an article recently that had me doing a double-take when I saw the date it was published. It seems the jokes we aussies like to tell about our neighbours 'over the ditch' being behind the times may be true, as in December the Waikato District Health Board over in Aotearoa was ground to a halt by.....conficker!

You read that right, December 2009. To refresh your memory, Conficker exploited a vulnerability that Microsoft released the MS08-067 patch for back in October 2008.

To put that in perspective, some other events from October 2008 were:

• Sarah Palin and Joe Biden have their only scheduled debate for the vice presidency of the United States
• U.S. President George W. Bush signs the US$ 700,000,000,000 bailout bill after it is passed by the House.
  
• Head of International Monetary Fund says the US Financial Crisis threatens to send the world into a recession.
  

All jokes aside, a virus outbreak affecting the information systems of multiple hospitals is a very serious matter. So is the almost crim­i­nal incom­pe­tence in the IT management/administration that allows 3000 desktops to lack up to date anti-virus and patches that were over a year out of date.
To make matters even worse (if that's possible) the NZ Ministry of Health was hit by Conficker 12 months earlier! Obviously there were no lessons learned from this earlier outbreak...

Good security is hard. It takes planning, organization and hard work. Unfortunately for the patients of the Waikato DHB, bad security is easy. It requires nothing more than apathy and ignorance. In this case it took not doing what even the most computer illiterate user knows are 'the basics' (patching and AV).

One can only hope that this is a wake up for organizations and Government departments, not only in NZ, but everywhere.