This site is intended for health professionals only

NHS IT systems were a timebomb that has just gone off

A massive cyber-attack that hit the NHS across the UK last Friday left hospitals and GP surgeries simultaneously receiving a pop-up message demanding a ransom in exchange for access to the PCs. Dozens of operations were cancelled and patients were turned away from A&E after the large-scale attack– the biggest in the history of the NHS. Some NHS trusts were unable to carry out emergency MRI and CT scans as doctors reverted to using pen and paper amid the chaos. It has long been known that the NHS struggles with IT in multiple respects and that this includes serious security problems. NHS IT systems have been a ticking time bomb, outdated, unsupported and venerable PCs across the country been a norm for several years.

The NHS was repeatedly warned of cyber-attacks. In an article published in the BMJ, Dr Krishna Chinthapalli, a neurology registrar at the National Hospital for Neurology and Neurosurgery in London, warned of such attacks by ransomware this year. Today, in surgeries, GPs will end up answering the calls of worried patients, whose appointments been cancelled or postponed.

The entire fiasco could cost the NHS bucket full of money, and it would be a miracle if human lives are not affected.  

Many hospitals use proprietary software that runs on ancient operating systems. NHS Trust’s computers attacked by ransomware are probably running Windows XP. Released in 2001, it is now obsolete, yet 90% of NHS trusts run this version of Windows on their approximately one million PCs. We should be prepared: more hospitals will almost certainly be shut down by ransomware this year. If large numbers of NHS organisations failed to act on a critical notice from Microsoft two months ago, then whose fault is that?

Yesterday’s attack’s success was likely to be because some hospital trusts and other organisations have either not applied the patch released by Microsoft, or they are using outdated operating systems. DH Exemplar IT funding has been stalled, probably pinched to reduce over-spends.

To date, Jeremy Hunt has even failed to acknowledge the crisis, let alone doing something about it. If large numbers of NHS organisations failed to act on a critical notice from Microsoft two months ago, then whose fault is that, Mr Health Secretary? The NHS is a massive target for cyber-attacks and currently, it is a poorly defended target. Jeremy Hunt needs to urgently review the security software of all the NHS computers and release extra funding for upgrading the systems urgently.