NHS hospitals across England hit by large-scale cyber-attack

[Neville's Breakfast]

Nicked this off a friend of mine but it's a real good summary of why this is no accident.

Up until 2010 the NHS had a single contract with Microsoft to cover all their software, servers, Office, everything. Then Andrew Lansley and the Tory/Lib Dem government released a Whitepaper called Liberating the NHS.
It said it was "NHS services will increasingly be empowered to be the customers of a more plural system of IT and other suppliers".
Which sounds OK at first glance. But was in fact disguising the fact that they cut the budget for the Microsoft agreement, and told local authorities to figure it out themselves.
Now, I'm not a huge fan of Windows. But the deal they struck with them in 2004 was amazingly good value. Offering full licensing for everything including support for 900,000 NHS staff at a cost of around £72 per head.
There's 151 local authorities, each expected to save money by replacing that deal with something they negotiated individually. It was an insane plan, and obviously doomed. Yet the Government claimed they were "saving £500,000,000".
So that's why the whole of the NHS lacks and central IT policy, budget, or capability for dealing with even the most basic "cyber-threat". It could probably be taken down by a cleaner unplugging a server to plug a vacuum cleaner in.

If that's the complete truth and context then it certainly sounds like a poor IT procurement decision. The problem for us as citizens is that poor IT procurement decisions have been a feature of Tory, coalition and Labour Governments. When either side criticizes the other on such an issue they need to remember the context and the complexity of running our public services. The decision making process in the public sector is multi layered and extremely slow. It is not managed day to day from the top in the same way as a small private company. For this reason I don't blame politicians from any party for IT procurement decisions. Any decisions they take will be basis the information they are given. To make political capital on such an issue is to see everything in black and white rather than a more realistic grey.
If elected then a JC Government would also look to make savings in order to pay for Labour's priorities. If presented with a cheap IT solution that would allow for more spending on front line care then there is every possibility that Labour could find itself in a similar predicament and I would not be critical of them for it.

 

[Silk]

A very poigniant observation, how much are those who run the NHS paid, they are on huge salaries to run a large torpid organsiation, for some systems to have no security whatsoever as we are now hearing is criminal. Are we really expecting the health secretary to delgate where all monies are spent within the NHS. It employs a million people and is indeed an extremely crass point to make by some, we'll be blaming him for lack of parking spaces or the shortage of coffee in the machines next. This is a huge management failure and quite frankly a disgrace, those who manage the NHS at all eschelons concerning IT should be ashamed!!

This is a huge, world wide attack affecting 200 or more countries, and many organisations, idiot. People trying to point the finger at the NHS, including some government ministers, are the ones who should be ashamed.

Sent from my F5121 using Tapatalk

 

[Triggaaar]

Nicked this off a friend of mine

Is your friend Diane Abbott?

the deal they struck with them in 2004 was amazingly good value. Offering full licensing for everything including support for 900,000 NHS staff at a cost of around £72 per head.

So that's £65m a year. That doesn't sound like a good deal to me.

There's 151 local authorities, each expected to save money by replacing that deal with something they negotiated individually. It was an insane plan, and obviously doomed. Yet the Government claimed they were "saving £500,000,000".

The cost was £65m, how could they save £500m?

 

[Silk]

Is your friend Diane Abbott?

So that's £65m a year. That doesn't sound like a good deal to me.
The cost was £65m, how could they save £500m?

Let me take a wild guess. The previous licensing agreements cost more.

 

[Sussex Nomad]

with the number of hospitals still using WinXP, even 2000 i've heard, hardly a surprise

Being a surprise shows that you really don't understand. XP is as robust as any other system run by Windows, so long as it is updated and patched. Microsoft have contracts to keep it stable. The problem here was caused by the NHS not updating patches since 2012. Paris airport still runs on 3.1 and they don't get problems. So understand before posting.

 

[Triggaaar]

Let me take a wild guess. The previous licensing agreements cost more.

That's not what the post said, it said that the £65m was good but local authorities were expected to save money by replacing that deal. It doesn't make sense.

 

[Silk]

That's not what the post said, it said that the £65m was good but local authorities were expected to save money by replacing that deal. It doesn't make sense.

Sorry, you're right, I misread it. I personally don't think the Microsoft deal could have been bettered. It's abandonment is probably the chief reason why computers have not been upgraded, i.e. it is, after all, the Tories fault!

 

[Triggaaar]

Sorry, you're right, I misread it.

No problem. Although since this is NSC, I'm not sure an apology is appropriate, perhaps you could just stick to your guns and we can argue about it for a day or two?

I personally don't think the Microsoft deal could have been bettered.

I can't say I know about deals of that size, but £65m doesn't seem great to me. It's not like the staff have a computer each, many will share, many are hardly on a computer for their job. Regardless though, it looks like some at the top have ****ed up royally.

 

[Silk]

No problem. Although since this is NSC, I'm not sure an apology is appropriate, perhaps you could just stick to your guns and we can argue about it for a day or two?
I can't say I know about deals of that size, but £65m doesn't seem great to me. It's not like the staff have a computer each, many will share, many are hardly on a computer for their job. Regardless though, it looks like some at the top have ****ed up royally.

As I hinted at before, it was cheaper than previous arrangements: assuming the figure is correct. Which it may not be.

 

[Silk]

Also, there seems to be a lot of misinformation (aka cobblers) out there about the deal and what it actually covered. As I recall, it covered software licensing and support. Not computer hardware, and not security.

Sent from my F5121 using Tapatalk

 

[beorhthelm]

Being a surprise shows that you really don't understand. XP is as robust as any other system run by Windows, so long as it is updated and patched. Microsoft have contracts to keep it stable. The problem here was caused by the NHS not updating patches since 2012. Paris airport still runs on 3.1 and they don't get problems. So understand before posting.

ah yes, security through obscurity, works for many. XP was never as robust as later Windows, and the coveat "as long as its updated" highlights the problem. Microsoft doesnt release patches for all vulnerabilities in XP even with extended support, and theres scope for vulnerbilities to be found and exploited that dont exist on later OS (and IE, the gateway to many malware).

 

[Brighton Mod]

This is a huge, world wide attack affecting 200 or more countries, and many organisations, idiot. People trying to point the finger at the NHS, including some government ministers, are the ones who should be ashamed.

Sent from my F5121 using Tapatalk

Why should government ministers be ashamed? Has the Fire Brigade been affected, the civil service, the military, the police, the coastguard, schoools and universities etc. No just the NHS, so why should the government be asheamed? You call me an idiot and then provide no counter arguement, reckon you're out of your depth already fella.

 

[Silk]

Why should government ministers be ashamed? Has the Fire Brigade been affected, the civil service, the military, the police, the coastguard, schoools and universities etc. No just the NHS, so why should the government be asheamed? You call me an idiot and then provide no counter arguement, reckon you're out of your depth already fella.

"This is a huge, world wide attack affecting 200 or more countries, and many organisations"

That was the counter argument. Sorry you missed it. To be fair, it was at the beginning of my message, so you'd probably forgotten it by the time you reached the end. Fella.

Sent from my F5121 using Tapatalk

 

[Brighton Mod]

"This is a huge, world wide attack affecting 200 or more countries, and many organisations"

That was the counter argument. Sorry you missed it. To be fair, it was at the beginning of my message, so you'd probably forgotten it by the time you reached the end. Fella.

Sent from my F5121 using Tapatalk

So are the government responsible for telfonica et al, why is the government responsible for one facet of this attack and would it not be irresponsible of me to suggest that criminal cyber attacks continue every day. Are you saying that the government is responsible because it did not micro manage the NHS, despite the fact that the NHS has a huge number on its payroll that earn more than the Prime Minister, are you saying its down to lack of money, investment in installing free patches provied by microsoft or are you just using this situation to make a cheap political point.

Your point is neither cogent nor clear, I am confused by your points. Sorry I upset you by calling you fella, you appear to be on edge and very defensive of some, as yet unidentified point of view.

 

[Silk]

So are the government responsible for telfonica et al, why is the government responsible for one facet of this attack and would it not be irresponsible of me to suggest that criminal cyber attacks continue every day. Are you saying that the government is responsible because it did not micro manage the NHS, despite the fact that the NHS has a huge number on its payroll that earn more than the Prime Minister, are you saying its down to lack of money, investment in installing free patches provied by microsoft or are you just using this situation to make a cheap political point.

Your point is neither cogent nor clear, I am confused by your points. Sorry I upset you by calling you fella, you appear to be on edge and very defensive of some, as yet unidentified point of view.

The NHS is a public sector organisation, therefore yes, the government bears some responsibility if there​ has been an inability to invest in up to date equipment. You can tell they bear some responsibility from the way they have immediately started dodging it. The media are still labelling it "NHS cyber attack", even though it is well known to be a global attack. Another excuse to bash the NHS.

 

[Brighton Mod]

The NHS is a public sector organisation, therefore yes, the government bears some responsibility if there​ has been an inability to invest in up to date equipment. You can tell they bear some responsibility from the way they have immediately started dodging it. The media are still labelling it "NHS cyber attack", even though it is well known to be a global attack. Another excuse to bash the NHS.

So do we give the government credit for protecting the Police, the military, the civil service, schools, universities etc. Those who run the NHS, which is not a government department, but integral management on large salaries must bare responsibility for this failure. If you criticise the government for the failure of 48 Health Authorities then by definition you must say that they protected the other health Authorities that were not affected. You apply a broad brush to your observations when clearly its not necessary, as more Health Authorities were unaffected than those that were affected, are you suggesting that the government protected some authorities whilst it ignored others. Are you suggesting the SNP did the same in Scotland. Its too simple just to hang this on the government, there have clearly been internal failures in the NHS and this needs to be addressed and not just by piling more money into an ever increasing chasm.

I'll not bash the NHS, my daughter is an A & E nurse and i'm currently undergoing treatment from the NHS, which has been excellent. But I do recognise that there are failings in the management of the NHS above the frontline level of treatment, of which one has just manifested itself with this Cyber Attack.

It should be recognsed that although we have a health minister, he can only direct the NHS strategically and does not become involved with the tactical day to day, week to week or month to month operation of the NHS. The NHS has its own directors and managers, these are the people responsible for not recognising the importance of cyber security and quite frankly are not up to the job. Anger, responsibility or whatever you may call it should be directed at these people, they have let us all down and to be totally clear I am not bashing the NHS, only those responsible within the organisation.

 

[Silk]

So do we give the government credit for protecting the Police, the military, the civil service, schools, universities etc. Those who run the NHS, which is not a government department, but integral management on large salaries must bare responsibility for this failure. If you criticise the government for the failure of 48 Health Authorities then by definition you must say that they protected the other health Authorities that were not affected. You apply a broad brush to your observations when clearly its not necessary, as more Health Authorities were unaffected than those that were affected, are you suggesting that the government protected some authorities whilst it ignored others. Are you suggesting the SNP did the same in Scotland. Its too simple just to hang this on the government, there have clearly been internal failures in the NHS and this needs to be addressed and not just by piling more money into an ever increasing chasm.

I'll not bash the NHS, my daughter is an A & E nurse and i'm currently undergoing treatment from the NHS, which has been excellent. But I do recognise that there are failings in the management of the NHS above the frontline level of treatment, of which one has just manifested itself with this Cyber Attack.

It should be recognsed that although we have a health minister, he can only direct the NHS strategically and does not become involved with the tactical day to day, week to week or month to month operation of the NHS. The NHS has its own directors and managers, these are the people responsible for not recognising the importance of cyber security and quite frankly are not up to the job. Anger, responsibility or whatever you may call it should be directed at these people, they have let us all down and to be totally clear I am not bashing the NHS, only those responsible within the organisation.

This isn't difficult. The NHS is paid for from tax. Its budget is decided by the government. If it turns out that IT departments did not have the funding to replace ageing computer systems, then the government shares responsibility. I'd like to hear your suggestions as to how new IT systems can be provided "without piling in more money". I'm all ears. You are making huge assumptions about what happened in the NHS without providing any facts.

 

[Brighton Mod]

This isn't difficult. The NHS is paid for from tax. Its budget is decided by the government. If it turns out that IT departments did not have the funding to replace ageing computer systems, then the government shares responsibility. I'd like to hear your suggestions as to how new IT systems can be provided "without piling in more money". I'm all ears. You are making huge assumptions about what happened in the NHS without providing any facts.

'If it turns out that IT departments did not have the funding to replace ageing computer systems,' and you're accusing me of making assumptions, come on, that is the biggest assumption slanted to support your arguement. The government is not responsible for the budget nor the manning levels within the NHS, that is down to the directors of the NHS. The government will find the money and send a its strategic plan in consultation with the NHS. What if it turns out that money was provided for the upgrading of IT systems but was allocated elsewhere, where does that leave your arguement?

Your arguement starts from a position of wanting to blame the government, you appear not to have any understanding of how the NHS works as you appear to believe that the government controls the day to day affairs of an organisation that employs over a million people, it does not. Trusts are self administering, set out how they deliver care under their juristician and are responsible for setting and maintaining budgets.

Do you actually have any facts at your disposal or is it all speculation?

 

[Silk]

'If it turns out that IT departments did not have the funding to replace ageing computer systems,' and you're accusing me of making assumptions, come on, that is the biggest assumption slanted to support your arguement. The government is not responsible for the budget nor the manning levels within the NHS, that is down to the directors of the NHS. The government will find the money and send a its strategic plan in consultation with the NHS. What if it turns out that money was provided for the upgrading of IT systems but was allocated elsewhere, where does that leave your arguement?

Your arguement starts from a position of wanting to blame the government, you appear not to have any understanding of how the NHS works as you appear to believe that the government controls the day to day affairs of an organisation that employs over a million people, it does not. Trusts are self administering, set out how they deliver care under their juristician and are responsible for setting and maintaining budgets.

Do you actually have any facts at your disposal or is it all speculation?

Slippery devil, aren't you? The only argument I have actually made is that this a world wide attack affecting 200 countries and many organisations, not just the NHS, and that therefore people should not be rushing to point the finger. Which part of that do you have a problem with?

The sentence you highlighted was not a fact free assumption (like your argument), but a speculation (the clue is in the words "if it turns out".. IF).

Now, where are your facts proving NHS management responsibility again?

 

[Springal]

Windows is used in more than just traditional PC's.

Big problem in the NHS is things like MRI scanners that run Windows XP etc... and a lot of these manufacturers go bankrupt, out of business - so then what do you do?