NHS and the WannaCrypt Virus

Don’t get me wrong – I LOVE the NHS.

However, I was pretty shocked and majorly disappointed when I learnt that parts of the NHS’ IT system were run on Windows XP…

By now most people would have heard about the ransomware attack that managed to affect most of the world’s countries and cause a huge amount of chaos within the NHS in May this year. The ransomware attack appeared to take advantage of a loophole in Microsoft Windows.

Back in March 2017, Microsoft released a patch to fix the loophole. However, the patch only applied to currently supported versions of Windows.

XP stopped being supported in April 2014! THREE YEARS AGO!

Fortunately, Microsoft took the unusual step of releasing a patch for all older versions of Windows, but who knows what other vulnerabilities exist in XP.

I get that the government seem determined to destroy the NHS and keep cutting its funding. However, I still think that the NHS’ IT departments also need to take some of the blame, and should technically still be accountable.

Running a critical system and storing extremely sensitive personal data using an operating system that has been unsupported for over three years ASTOUNDS me.

It’s completely unacceptable.

I get that the NHS is running out of money, but given the importance of a working IT system and the high risk of something like this happening, there really is no excuse.

Also, the system should be capable of offering adequate safeguards for the most personally sensitive and vital data there is. We’re not talking about people’s names and menu options – we’re talking about people’s medical histories – information about people’s deepest vulnerabilities.

Under the Data Protection Act 1998, systems are required to have appropriate security to prevent personal data being accidentally or deliberately compromised. Things are only going to get more serious with the introduction of the GDPR next year – putting the NHS at risk of extremely high fines.

Surely not upgrading XP, despite Microsoft making it clear that under no circumstances should anyone be running an old unsupported version of Windows, falls massively short of that?

It’s akin to treating patients in a dilapidated hospital that could collapse at any moment, putting patients’ lives at risk, and destroying any ability of doctors and nurses to do their jobs (while simultaneously handing over medical records to insurers and the underworld for free), without bothering to spend any money on fixing the building or having a basic level of security. It wouldn’t happen.

I get that upgrades can be disruptive. But guys – you had plenty of time to sort this out and upgrade. Many hospitals did.

Technology has the ability to enhance NHS services SO MUCH. For it to be embraced, it needs better management and accountability, and the buy-in of the public, which is not helped by incompetent episodes like this.

I have a dim view of NHS IT services. A friend of mine got paid a fortune as a contractor to manage one of their IT projects a few years ago. He worked from home, boasted about how little work he had to do, was in charge of a budget of millions, was inexperienced, and negotiated millions of pounds’ worth of contracts that had no accountability or enforceability provisions. After spending millions of public funds the project was cancelled. A waste of a lot of public money.

The picture I got from his experience was one of chaos and low standards.

I thought things may have changed by now… Obviously not.