Welcome To Zelo Street!

This is a blog of liberal stance and independent mind

Saturday 13 May 2017

Amber Rudd’s NHS IT Shame

Today’s papers are almost of one voice on their lead stories: there has been a cyber attack on organisations across the world, which in the UK has manifested itself most obviously in its effect on the NHS. Many routine appointments and procedures have had to be postponed or cancelled. That is bad enough: what verges on the unforgivable is the attitude of one Tory minister who has tried to wash her hands of it.
Amber Rudd - bang to rights hypocrite

So what caused the problem? As the Guardian has explained, “Computers at hospitals and GPs surgeries in the UK were among thousands hit in almost 100 countries by malware that appeared to be using technology stolen from the National Security Agency in the US. It blocks access to any files on a PC until a ransom is paid”. It was software the NSA developed to take advantage of vulnerabilities in Windows operating systems.

Have a think about that: we know that organisations like the NSA have wanted companies like Apple to allow them to have a “back door” to their operating systems. Apple have declined the request, reasoning that once there is a back door, the potential for cyber criminals to get hold of the code is too great a risk. And Apple have been proved absolutely right in spades. But in the meantime, the blame game has started.

And at the front of that particular queue has been Home Secretary Amber Rudd, telling that the Care Quality Commission (CQC) “will be advising NHS trusts to move to modernise their platforms and I think that after this experience, I would expect them all to move forward with modernising”. Nothing to do with Government, move along here.

But Ms Rudd is being seriously disingenuous on two counts. One, the most obvious, the NHS, and by extension its IT systems, have been subjected to the same budget constraints as the rest of the public sector for several years now. That means those IT systems are running operating systems that are either no longer supported, or are not receiving security patch updates at the time they should be applied.
The patch to close the vulnerability exploited by the latest cyber attack is prosaically titled MS17-010, and was available in March this year. It should have been applied in the month-end update. But if the operating systems are no longer supported (like Windows XP) … you can fill in the blanks yourself. And Ms Rudd has a second count to answer.

She was one of those shouting the loudest - in, surprise, surprise, March this year - for companies like Apple to make that back door available. Her excuse was the Westminster attack. She was advocating making computer systems, and software, vulnerable - her reasoning was that it would allow the law enforcement agencies to access computers and other devices in an emergency. But it would also allow in the hackers.

So when she tries to wash her hands of the cyber attack that has paralysed so much of the NHS, one thing should be remembered: Amber Rudd wanted computers to be vulnerable to these attacks. She became particularly righteous about it.

Now we have seen what happens when computers are vulnerable, she is once again blaming someone else. It won’t wash. Amber Rudd is a disgraceful hypocrite.


Anonymous said...

One of the first actions of the last Tory government was to abandon a major NHS IT system because it didn't accord with their plans for privatising it.

Unknown said...

Even worse, the Tories have been more interested in spending billions of pounds at GCHQ on means to snoop on every person in the UK who accesses the Internet.

And what was GCHQ doing yesterday afternoon when the NHS was being attacked? Tweeting about limericks.

It's pretty obvious where their priorities lie.

iMatt said...

HA! The funny thing is that on your blog below this article there is an ad for ''The best Free Antivirus 2017''.Perhaps the NHS should download a copy this weekend.

Bob said...

Where is the Health Secretary or doesn't he do weekends?
Also worryingly our Trident nuclear system also runs on XP.

Arnold said...

She said this morning that backups should be made but didn't know if they were. I'm sure they are, but if computers are used 24/7 and backups made daily, they will never be up to date.
And it isn't that simple. The malware still has to be removed from infected machines.
I don't think that she knows much about IT.

Anonymous said...

Anyone who thinks windows XP is the only OS that is open to attack needs to think on.

There are many security concerns in the UK that have been sitting in front of us for a long time. I'm disgusted how long its taken to get the much needed attention or more importantly the deed that brought it home to the majority.

Anonymous said...

XP updates are still available for XP used in business at a cost. Penny pinching !

Anonymous said...

"...malware that appeared to be using technology stolen from the National Security Agency in the US."

Yeah, right.

The Yank NSA/CIA or any of the other loony right wing spooks wouldn't have anything to do with this would they? I mean, it must have been Putin musn't it?

Yeah, that'll be it. The Russians. Or the Chinese. Or the North Koreans. In a different life it might have been Osama Bin Laden, Saddam Hussein, Gaddafi or even Hugo Chavez, Fidel Castro or Varoufakis. Come to think of it, perhaps even Nelson Mandela or Mohandas Gandhi.

While we're at it......let's have Two Minutes Hate led by Murdoch and Northcliffe. That usually works.

Anonymous said...

Blame the victim. It's what Tories do. Always have, always will.

Like the undeserving poor or benefits scroungers. Everyone knows it was they who sabotaged the world economy in 2008.

Anonymous said...

@Anonymous 11:21

Bloody spot on!