Are there any words which have such an affinity as ‘NHS’, ‘IT’ and ‘cock-up’? Older readers might remember how the Department of Health blew £10 billion of taxpayers’ money on a computer system which was eventually abandoned. Today comes news that two dozen hospitals have been affected by a massive hack of computer systems. Patients in Stevenage and Blackpool have been told not to visit their local A&E departments unless they are desperate. Operations have been postponed. Phone systems have gone down and doctors are unable to prescribe drugs. The culprit is a piece of ‘ransomware’ which seems to be capable of locking computers which it says will only be unlocked if a payment is made in bitcoin.
The NHS is not alone in being targeted – yesterday’s attack was global, aimed at computer systems all around the world. But the NHS seems to have especially bad resilience. It turns out that Microsoft has been aware of the vulnerability of its systems to this kind of attack for some time, and in March released a security ‘patch’ which was supposed to offer protection. NHS computer systems, however, seem to be too old to accept the update.
There does seem to be a rather large gulf between the government’s enthusiasm for all things digital and its competence at handling IT systems. We never hear the end of digital this, digital that. Ministers seem in an indecent haste to force us to do everything online, from filing tax returns to paying to use the Dartford Tunnel. Thanks to its ‘digital by default’ strategy, the government even boasts that Britain has become the world’s leader in e-government – an accolade bestowed upon it by the UN.
But how much more convincing it would all be if it weren’t for incidents such as today’s NHS hack. It is not acceptable that hospitals be put out of action by the activities of criminal hackers. The world will never be free of hackers, but surely computer systems and hospitals which use them should have some inbuilt resilience to hacking. Neither is it acceptable, as happened, in 2012, that records of 600 maternity patients in Surrey went missing after an unencrypted USB disk was lost. Nor does it build confidence that government bodies between them committed 9,000 data breaches between them in 2014/15, according to the National Audit Office.
Of course public bodies should be using computers and digital systems just as the rest of us do every day. But the government could do us all a favour if it toned down its messianic zeal on all things digital and got to grips with how to handle such things as hacking attacks, data breaches and so on. A UN award for e-government doesn’t look a prize worth having when your local A&E department closes due to a hacking attack.
Comments