NHS cyberattack: government and Microsoft criticised as threat continues

The UK’s national health service is expected to face more serious problems this week from the ‘ransomware’ cyberattack which paralysed parts of the NHS on Friday.

Operations and appointments were cancelled and ambulances diverted as up to 61 NHS organisations, including many hospitals, became infected by the ransomware.  Known as WannaCry, the virus demands payment from users, who otherwise face the threat of medical records and other NHS data being destroyed.

Now that primary care GPs have opened their doors and turned on their computers this morning, there are reports that many are being affected. Primary care organisations across the north east of England are said to be currently locked out of their IT systems, forcing doctors and nurses to improvise services without any computers.

While the NHS was not the only organisation targeted in a what was a global attack – it has struck in 150 countries – it has emerged that the UK’s health service was particularly vulnerable because of the age of its IT infrastructure.

As the country is now in the midst of an election campaign, it was clear that the episode would be seized on by Labour and the Lib Dems, who say the Conservative party are to blame because of underfunding of the service, and a lack of disaster planning.

[caption id="attachment_27802" align="alignnone" width="320"] Johnathan Ashworth[/caption]

The Labour party’s shadow health secretary Johnathan Ashworth told Sky News: "I think the Government's response has been chaotic, to be frank.

"They've complacently dismissed warnings which experts, we now understand, have made in recent weeks."

The government decided in 2015 to not extend a £5.5 million deal with Microsoft to extend IT support for Windows XP.

Ashworth added: "The truth is, if you're going to cut infrastructure budgets and if you're not going to allow the NHS to invest in upgrading its IT, then you are going to leave hospitals wide open to this sort of attack."

Home secretary Amber Rudd defended the government’s record, saying “good preparations” had been put in place by the NHS to make sure they were ready for this sort of attack

She told Sky News that NHS trusts had been warned to upgrade their systems and that she was "disappointed" many had not done so.

Commenting on the political row in its blog, healthcare government relations experts Incisive Health said:

“Truth be told all parties have a somewhat inglorious record of delivering on NHS IT commitments. Although there will have been some nervous moments this morning as GP land woke up after the weekend, the Conservatives will hope that the worst of the attack is over and that it doesn’t distract attention from their manifesto launch.”

It concluded: “The appearance of ransomware is, however, a reminder of why politicians live in fear of unforeseen events at election time.”

Meanwhile, many commentators have criticised Microsoft, for its policy of ending support of older operating systems – a tactic designed to encourage large organisations to pay for upgrades to new versions.

NHS commentator Roy Lilley wrote in his nhsManagers blog this morning  that the company should have maintained its protection for its older Windows XP, which most NHS organisations still use.

“If BMW said your car is 10 years old and we won't service it, there would be an outcry.  Microsoft got away with it.  They dumped XP.”

He concluded:”The NHS wasn't held to ransom... if you exclude Microsoft.”

Microsoft has itself called the attack a ‘wake up call’ for governments, who it blames for not securing their own systems.  This is because the virus is understood to be based on software stole from US intelligence agencies which identified weaknesses  in Microsoft Windows.