Hackers get easy route to patient data – still on Windows XP

Mark Bridge exposes the incompetence of the different health services in rationing technology – something no self employed businessman would risk: The Times 8th December 2016 – Hackers get easy route to patient data

Image result for computer hackers health cartoon

Patients are being put at risk because most NHS trusts are using an obsolete IT operating system that no longer receives security updates, researchers have warned.

The trusts’ use of the old Windows XP system could enable hackers to steal patient data or take control of hospital infrastructure. Criminals have already used cyberattacks to hold hospitals to ransom and an NHS trust in Lincolnshire and East Yorkshire said this week that an attack in October led to the cancellation of more than 2,800 patient appointments, including operations.

Citrix, the software company, made freedom of information (FoI) requests to 63 NHS trusts, with 42 responding and 38 confirming that they still used XP.

Windows XP, introduced in 2001, has not received security updates from Microsoft since 2014. Security experts say that this leaves systems with significant vulnerabilities. Once a machine in a hospital’s network is compromised hackers can enter other systems to control equipment such as x-ray machines and target patient records.

A previous FoI request this summer indicated that around half of NHS trusts were last year hit by so-called ransomware attacks, where hackers lock down a hospital’s IT systems and demand payment. The trusts either denied that they had paid up or would not say.

Jamie Moles of Lastline, a malware-detection company, said: “It’s no surprise to hear that the cash-strapped NHS is still running Windows XP. While security remains a low priority for management, they will increasingly fall victim to these kinds of threats.

“While security remains a low priority for NHS management, they will increasingly fall victim to these kinds of threats, which wouldn’t be a serious problem except it results in cancellation of treatments whilst the affected systems are investigated and cleaned up.”

The Metropolitan Police also admitted yesterday that it is still using the 15-year-old XP software on almost 20,000 desktop computers.

Image result for computer hackers cartoon

This entry was posted in A Personal View, Rationing, Stories in the Media on by .

About Roger Burns - retired GP

I am a retired GP and medical educator. I have supported patient participation throughout my career, and my practice, St Thomas; Surgery, has had a longstanding and active Patient Participation Group (PPG). I support the idea of Community Health Councils, although I feel they should be funded at arms length from government. I have taught GP trainees for 30 years, and been a Programme Director for GP training in Pembrokeshire 20 years. I served on the Pembrokeshire LHG and LHB for a total of 10 years. I completed an MBA in 1996, and I along with most others, never had an exit interview from any job in the NHS! I completed an MBA in 1996, and was a runner up for the Adam Smith prize for economy and efficiency in government in that year. This was owing to a suggestion (St Thomas' Mutual) that practices had incentives for saving by being allowed to buy rationed out services in the following year.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s