They just need to change the malware code to send out the patch to all the machines that the malware could infect.
- Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
- Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!
NHS Cyber attack!
Collapse
X
-
-
There are two issues here.
The immediate one is that the IT departments of many NHS Trusts had not applied the available patches. This is negligence on a colossal scale & heads should roll.
The second more strategic issue is using general purpose Windows computers & mixing up essential clinical systems like X-ray, pathology, patient admin etc with email & web surfing. The core clinical systems should be isolated from the Internet & run on emdedded devices not prone to malware & viruses.
The whole mess is compounded by the fact that there is no NHS IT system just a fragmented Balkanised mish mash of systems in over 200 Trusts with no thought to strategic design or economies of scale.Comment
-
Comment
-
Originally posted by nigelbb View PostThere are two issues here.
The immediate one is that the IT departments of many NHS Trusts had not applied the available patches. This is negligence on a colossal scale & heads should roll.
The second more strategic issue is using general purpose Windows computers & mixing up essential clinical systems like X-ray, pathology, patient admin etc with email & web surfing. The core clinical systems should be isolated from the Internet & run on emdedded devices not prone to malware & viruses.
The whole mess is compounded by the fact that there is no NHS IT system just a fragmented Balkanised mish mash of systems in over 200 Trusts with no thought to strategic design or economies of scale.
You forgot to mention that that the NHS is using XP machines with 14 inches monitors which are no longer supported by Microsoft and only supported by local IT teams. I believe (correct me if I am wrong) that the NHS did not want to pay Microsoft what they wanted in order to have XP machines supported. They mostly use antiquated computers except for giving iphones and ipads to every manager, many getting replaced 2 or 3 times in a matter of months.
Like I mentioned in my earlier post, each trust is slightly different but the bottom line is that they really are a closed club no matter what other say (read the contractoruk news post): http://www.contractoruk.com/news/001...again_nhs.html
You would be very very lucky to get an offer coming from outside the NHS sector. The hiring manager would have to be extremely open minded. Many many times you will end up interviewing for roles which have already been offered to NHS experienced contractors but they still have to conduct the interviews for the sake of following protocol.
I am not writing this because I did not get the role of implementing a clinical system for a London Trust on which I had specific training and experience only to be told not enough NHS experience. But because at the same time I also interviewed for another role at a South England Trust for a clinical system which was similar to the one I had experience on, and they did offer me the role even though I did not have enough NHS experience nor specific system experience. Funny thing is London Trust was paying a lot less than the one outside London. Unfortunately I had to turn it down as the commute would have been a killer.
The other issue is that once you contract in the NHS many private sector companies would not touch you with a barge-pole.Last edited by Drei; 18 May 2017, 16:50.Comment
-
Originally posted by Drei View PostYou forgot that the NHS is using XP machines with 14 inches monitors which are no longer supported by Microsoft and only supported by local IT teams. I believe the NHS did not want to pay Microsoft what they wanted in order to have XP machines covered.Down with racism. Long live miscegenation!Comment
-
Originally posted by Hobosapien View PostThey just need to change the malware code to send out the patch to all the machines that the malware could infect.
The only snag is the NHS would have to send a memo to all their staff saying "Just this once, you must click on the link in this dodgy looking email!"Last edited by OwlHoot; 18 May 2017, 16:46.Work in the public sector? Read the IR35 FAQ hereComment
-
Originally posted by OwlHoot View PostGreat example of lateral thinking - Set a thief to catch a thief!
The only snag is the NHS would have to send a memo to all their staff saying "Just this once, you must click on the link in this dodgy looking email!"
For 'they' I meant Microsoft, but yes I suppose you are still correct.
It's even simpler than that, no need to click emails as the vulnerability in unpatched machines allows the malware through via the network, no user interaction required.Maybe tomorrow, I'll want to settle down. Until tomorrow, I'll just keep moving on.Comment
-
Originally posted by NotAllThere View PostNo. It was the health minister at the time.Comment
-
Originally posted by Drei View PostYou forgot to mention that that the NHS is using XP machines with 14 inches monitors which are no longer supported by Microsoft and only supported by local IT teams. I believe (correct me if I am wrong) that the NHS did not want to pay Microsoft what they wanted in order to have XP machines supported. They mostly use antiquated computers except for giving iphones and ipads to every manager, many getting replaced 2 or 3 times in a matter of months.
Like I mentioned in my earlier post, each trust is slightly different but the bottom line is that they really are a closed club no matter what other say (read the contractoruk news post): Why IT contractors should look again at the NHS :: Contractor UK
You would be very very lucky to get an offer coming from outside the NHS sector. The hiring manager would have to be extremely open minded. Many many times you will end up interviewing for roles which have already been offered to NHS experienced contractors but they still have to conduct the interviews for the sake of following protocol.
I am not writing this because I did not get the role of implementing a clinical system for a London Trust on which I had specific training and experience only to be told not enough NHS experience. But because at the same time I also interviewed for another role at a South England Trust for a clinical system which was similar to the one I had experience on, and they did offer me the role even though I did not have enough NHS experience nor specific system experience. Funny thing is London Trust was paying a lot less than the one outside London. Unfortunately I had to turn it down as the commute would have been a killer.
The other issue is that once you contract in the NHS many private sector companies would not touch you with a barge-pole.
Part of the issue with updates and patching is that there is a lack of understanding on how to setup and how check if WSUS is working properly. And another part is that it may take weeks if not months to get a patch or update approved. Again this is down to the permie mentality. My attitude in urgent cases is send out an email to say that it is happening unless you reply with good reason why not.
The main point about NHS experience is that as a contractor you have a responsibility that one slip-up on data could result in death. Even a system down has resulted in vital information not being accessed by a doctor thus resulting if fatalities."A people that elect corrupt politicians, imposters, thieves and traitors are not victims, but accomplices," George OrwellComment
-
Originally posted by Drei View PostThe other issue is that once you contract in the NHS many private sector companies would not touch you with a barge-pole.Comment
- Home
- News & Features
- First Timers
- IR35 / S660 / BN66
- Employee Benefit Trusts
- Agency Workers Regulations
- MSC Legislation
- Limited Companies
- Dividends
- Umbrella Company
- VAT / Flat Rate VAT
- Job News & Guides
- Money News & Guides
- Guide to Contracts
- Successful Contracting
- Contracting Overseas
- Contractor Calculators
- MVL
- Contractor Expenses
Advertisers
Contractor Services
CUK News
- A new hiring fraud hinges on a limited company, a passport and ‘Ade’ Today 09:21
- Is an unpaid umbrella company required to pay contractors? Yesterday 09:28
- The truth of umbrella company regulation is being misconstrued Nov 25 09:23
- Labour’s plan to regulate umbrella companies: a closer look Nov 21 09:24
- When HMRC misses an FTT deadline but still wins another CJRS case Nov 20 09:20
- How 15% employer NICs will sting the umbrella company market Nov 19 09:16
- Contracting Awards 2024 hails 19 firms as best of the best Nov 18 09:13
- How to answer at interview, ‘What’s your greatest weakness?’ Nov 14 09:59
- Business Asset Disposal Relief changes in April 2025: Q&A Nov 13 09:37
- How debt transfer rules will hit umbrella companies in 2026 Nov 12 09:28
Comment