The news that NHS hospitals and GP surgeries across the country have been hacked comes as no surprise to most IT specialists.
To the general public it is even more shocking when they are told that the NHS is using outdated and 100% risky computer systems based on obsolete technology:
Up to 90 per cent of NHS computers still run Windows XP, which came out in 2001, and 'there’s no way to patch it'.
There have been several new operating systems since XP was first released in 2001: Windows 7, Windows 8.1 and now Windows 10. The NHS has therefore had plenty of opportunity to upgrade its systems. Had it done so, even just to Windows 7, there is a view that it could then have migrated its systems to Windows 10, depending upon the age of its standalone computers and the data servers those machines are linked to.
The current attack uses malware called Wanna Decryptor, which is preventing hospital staff and some GP surgeries in England and Scotland from accessing medical records because their system files and data have been encrypted.
Wales is not affected, apparently because it is on a different computer system. In fact, a third of NHS trusts in the UK had reported a ransomware attack prior to this major attack, which is global and does not just affect the NHS in the UK.
Theresa May's response was to highlight the fact that this is a worldwide attack, as if that mitigates the fact that the Tory government since 2010 has been starving the NHS of cash, increasing its costs by putting everything out to private tender, and refusing to update its creaking and, as we now see, highly insecure IT systems.
The British Medical Journal warned in its report, which coincidentally was published earlier this week, that up to 90 per cent of NHS computers still run Windows XP. The operating system was released in 2001, and Microsoft cut support for it in 2014. Continuing to use it comes with enormous risk!
"Using XP is particularly bad because it’s no longer supported and there’s no way to patch it," David Emm, the principal security researcher at Kaspersky, told The Independent.
"Microsoft no longer builds or distributes security updates for XP, leaving it extremely vulnerable to viruses and cyber criminals."
Microsoft has been very clear about the need for individuals, and especially businesses and organisations like the NHS, to stop using XP.
They issued this statement on more than one occasion: "If you continue to use Windows XP now that support has ended, your computer will still work but it might become more vulnerable to security risks and viruses.
Internet Explorer 8 is also no longer supported, so if your Windows XP PC is connected to the Internet and you use Internet Explorer 8 to surf the web, you might be exposing your PC to additional threats."
But despite advance warnings that the operating system is old and needs replacing, the Tory government paid Microsoft £5.5 million in 2014 to extend support for one more year instead of implementing an XP replacement service across the whole of the NHS!
The BMJ report ominously concludes, "We should be prepared: more hospitals will almost certainly be shut down by ransomware this year."
Unfortunately for the NHS, very few older computers are able to run Windows 10, Microsoft's latest computer operating system, which means the machines themselves need to be replaced, and that will cost an enormous amount of money.
One IT specialist, Fraser Kyne, the CTO of Bromium for the EMEA region, told The Independent newspaper:
"Many organisations are faced with huge potential costs in upgrading their systems, which may rely on XP to support critical line-of-business applications. Systems running XP really should be used in separation from other functions and not used for external web browsing or opening emails from unknown sources. There is just too much risk in doing this."
As if to illustrate just this, apparently a few months ago on a Saturday night a nurse at Papworth Hospital near Cambridge clicked on a malicious link. Malware infected her workplace computer and started to encrypt sensitive files. Fortunately, the hospital’s daily data backup had just been completed.
The IT director admitted that they were very lucky, saying, “Timing absolutely was everything for us.”
But part of the shock yesterday was that many GPs do not have backups on a daily basis, a situation there can be no excuse for at all!
So what can hospitals and their workers do? The BMJ has this simple answer:
'Digital hygiene—that is, keeping hardware and software as secure as possible—is essential. This includes employees becoming less “click happy” when reading emails. Frequent backups are also important. Papworth Hospital now backs up data every hour and uses tape drives, which cannot be hacked digitally.'
When attacks do occur, the IT department must be informed quickly, says the BMJ.
'Much like containment of an infectious disease outbreak, a rapid response can isolate infected computers. One security company provides a free “hostage rescue manual” for responding to ransomware attacks. Hospitals should share data on attacks to stop them happening again.'
Source: Independent / BMJ/ REUTERS/Shannon Stapleton