
Any of you worked on security for the NHS?


    #11
    This liability insurance and legal insurances may come in handy for someone on here, but it may not be enough



      #12
      Originally posted by MarillionFan View Post
      So if they've managed to do that, what's to say they're not downloading all of the patient health records. A breach of that would be the largest ever.
      Caldicott Guardian!



        #13
        Originally posted by MarillionFan View Post
        So if they've managed to do that, what's to say they're not downloading all of the patient health records. A breach of that would be the largest ever.
        Because control of the PC doesn't give access to the records systems. To gain access to patient records you have to have a physical NHS smart ID card that you plug into the PC and then use that in combination with user ID and password to authenticate yourself via the specific application.

        This looks like a ransomware attack that got through in a couple of trusts. Knee jerk reaction from medical staff would be that they think the patient data has been compromised when in reality it will only be whatever was locally stored on that PC, which should be bugger all in normal circumstances.

        Local IT staff will be shutting down local systems to prevent infection spreading while they clean up and work out how it happened. If SPINE or any of the other national services were down UKCCS and others would know about it and be telling people.
        "Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.



          #14
          Originally posted by stek View Post
          Caldicott Guardian!
          I was back in the day and carried out analysis on 3M patients' records as part of a study. It always worried me how easy it was for me to do that analysis & how easy it would have been for me to lose my laptop & data.
          What happens in General, stays in General.
          You know what they say about assumptions!



            #15
            Originally posted by MarillionFan View Post
            So if they've managed to do that, what's to say they're not downloading all of the patient health records. A breach of that would be the largest ever.
            There is no single system for patient health records. Happens in the US:

            Hackers demand ransom to release encrypted US medical records | Ethics & Health Law News



              #16
              Originally posted by DaveB View Post
              Because control of the PC doesn't give access to the records systems. To gain access to patient records you have to have a physical NHS smart ID card that you plug into the PC and then use that in combination with user ID and password to authenticate yourself via the specific application.

              This looks like a ransomware attack that got through in a couple of trusts. Knee jerk reaction from medical staff would be that they think the patient data has been compromised when in reality it will only be whatever was locally stored on that PC, which should be bugger all in normal circumstances.

              Local IT staff will be shutting down local systems to prevent infection spreading while they clean up and work out how it happened. If SPINE or any of the other national services were down UKCCS and others would know about it and be telling people.
              Smartcards are a necessity only for spine connected systems (and even then it's slightly more nuanced).

              Local PCs may have (but shouldn't have) clinical correspondence such as letters, and in some cases small departmental databases.



                #17
                Originally posted by Eirikur View Post
                This liability insurance and legal insurances may come in handy for someone on here, but it may not be enough
                Suppliers will have insurance. The NHS IIRC self-insures.



                  #18
                  Originally posted by northernladyuk View Post
                  The NHS IIRC self-insures.
                  Won't be allowed after Brexit - unfair competition with US Insurance giants...



                    #19
                    Originally posted by DaveB View Post
                    Because control of the PC doesn't give access to the records systems. To gain access to patient records you have to have a physical NHS smart ID card that you plug into the PC and then use that in combination with user ID and password to authenticate yourself via the specific application.

                    This looks like a ransomware attack that got through in a couple of trusts. Knee jerk reaction from medical staff would be that they think the patient data has been compromised when in reality it will only be whatever was locally stored on that PC, which should be bugger all in normal circumstances.

                    Local IT staff will be shutting down local systems to prevent infection spreading while they clean up and work out how it happened. If SPINE or any of the other national services were down UKCCS and others would know about it and be telling people.
                    It's pretty major for that amount of ransomware to have got to that many machines. It may just be a case of a few machines and they've just instantly shut down the networks though.
                    What happens in General, stays in General.
                    You know what they say about assumptions!



                      #20
                      I don't think anyone has ever worked on IT security for the NHS. Their network was riddled with SQL worms and all sorts of other nasties when I had a passing acquaintance with it about 15 years ago. MF will probably back me up on that.
                      His heart is in the right place - shame we can't say the same about his brain...

