Mark Bridge exposes the incompetence of the different health services in rationing technology – something no self employed businessman would risk: The Times 8th December 2016 – Hackers get easy route to patient data
Patients are being put at risk because most NHS trusts are using an obsolete IT operating system that no longer receives security updates, researchers have warned.
The trusts’ use of the old Windows XP system could enable hackers to steal patient data or take control of hospital infrastructure. Criminals have already used cyberattacks to hold hospitals to ransom and an NHS trust in Lincolnshire and East Yorkshire said this week that an attack in October led to the cancellation of more than 2,800 patient appointments, including operations.
Citrix, the software company, made freedom of information (FoI) requests to 63 NHS trusts, with 42 responding and 38 confirming that they still used XP.
Windows XP, introduced in 2001, has not received security updates from Microsoft since 2014. Security experts say that this leaves systems with significant vulnerabilities. Once a machine in a hospital’s network is compromised hackers can enter other systems to control equipment such as x-ray machines and target patient records.
A previous FoI request this summer indicated that around half of NHS trusts were last year hit by so-called ransomware attacks, where hackers lock down a hospital’s IT systems and demand payment. The trusts either denied that they had paid up or would not say.
Jamie Moles of Lastline, a malware-detection company, said: “It’s no surprise to hear that the cash-strapped NHS is still running Windows XP. While security remains a low priority for management, they will increasingly fall victim to these kinds of threats.
“While security remains a low priority for NHS management, they will increasingly fall victim to these kinds of threats, which wouldn’t be a serious problem except it results in cancellation of treatments whilst the affected systems are investigated and cleaned up.”
The Metropolitan Police also admitted yesterday that it is still using the 15-year-old XP software on almost 20,000 desktop computers.