NHS Cyber attack!

They just need to change the malware code to send out the patch to all the machines that the malware could infect.

There are two issues here.

The immediate one is that the IT departments of many NHS Trusts had not applied the available patches. This is negligence on a colossal scale & heads should roll.

The second more strategic issue is using general purpose Windows computers & mixing up essential clinical systems like X-ray, pathology, patient admin etc with email & web surfing. The core clinical systems should be isolated from the Internet & run on emdedded devices not prone to malware & viruses.

The whole mess is compounded by the fact that there is no NHS IT system just a fragmented Balkanised mish mash of systems in over 200 Trusts with no thought to strategic design or economies of scale.

Labour knows how to fix it. Diane Abbott wants to upgrade to windows nine and three quarters.

You forgot to mention that that the NHS is using XP machines with 14 inches monitors which are no longer supported by Microsoft and only supported by local IT teams. I believe (correct me if I am wrong) that the NHS did not want to pay Microsoft what they wanted in order to have XP machines supported. They mostly use antiquated computers except for giving iphones and ipads to every manager, many getting replaced 2 or 3 times in a matter of months.



Like I mentioned in my earlier post, each trust is slightly different but the bottom line is that they really are a closed club no matter what other say (read the contractoruk news post): http://www.contractoruk.com/news/001...again_nhs.html

You would be very very lucky to get an offer coming from outside the NHS sector. The hiring manager would have to be extremely open minded. Many many times you will end up interviewing for roles which have already been offered to NHS experienced contractors but they still have to conduct the interviews for the sake of following protocol.

I am not writing this because I did not get the role of implementing a clinical system for a London Trust on which I had specific training and experience only to be told not enough NHS experience. But because at the same time I also interviewed for another role at a South England Trust for a clinical system which was similar to the one I had experience on, and they did offer me the role even though I did not have enough NHS experience nor specific system experience. Funny thing is London Trust was paying a lot less than the one outside London. Unfortunately I had to turn it down as the commute would have been a killer.


The other issue is that once you contract in the NHS many private sector companies would not touch you with a barge-pole.

No. It was the health minister at the time.

Great example of lateral thinking - Set a thief to catch a thief!

The only snag is the NHS would have to send a memo to all their staff saying "Just this once, you must click on the link in this dodgy looking email!"

For 'they' I meant Microsoft, but yes I suppose you are still correct.

It's even simpler than that, no need to click emails as the vulnerability in unpatched machines allows the malware through via the network, no user interaction required.

Seen this mentioned elsewhere. Do you have a reference for this?

Part of the issue with updates and patching is that there is a lack of understanding on how to setup and how check if WSUS is working properly. And another part is that it may take weeks if not months to get a patch or update approved. Again this is down to the permie mentality. My attitude in urgent cases is send out an email to say that it is happening unless you reply with good reason why not.

The main point about NHS experience is that as a contractor you have a responsibility that one slip-up on data could result in death. Even a system down has resulted in vital information not being accessed by a doctor thus resulting if fatalities.

Seriously? I get that NHS, Investment Banks etc think they are 'special' (they aren't), but the average private sector company wouldn't give a damn.