Reply to: Any of you worked on security for the NHS?

Scratches head...

Surely the Health Secretary would be intelligent enough to point out the issue if there were problems....

I wonder who was Home Secretary back in 2015 who decided not to renew the contract for Internet security for Windows XP? Whoever it was did save the NHS a whopping 5 million pounds though

They are not being downloaded. They were left on the 15:17 from Waterloo to Surbiton.

In what respect exactly? That the clinical front-end security is good or that the back-end security is poor?

As you seem to have worked in the NHS, you'll know that there is substantial variance between trusts due to the decentralised nature of many of the IT systems, so your experience may well have been completely different - this doesn't falsify what I'm claiming.

To be clear I'm not referring to the core systems.

What I do know for certain is that I and many others who worked with IT/data could easily have accessed, taken off-site, then lost or sold highly confidential data on tens of thousands of patients in the local area had we wanted to.

Another poster earlier in this thread made a similar point to me, based on their own experience. If you're not clear which point you disagree on though it's hard to have a discussion.

I'm sorry but that's absolute rubbish.

15 years worth of beer and curry can have a terrible effect on a chaps waistline, but stood next to you I still look like someone on hunger strike.

Bitcoin is a poor choice for ransom payment, it can be traced easily enough.

Blockchain would be an excellent use case for keeping NHS records. Encrypted end to end whilst keeping data available across the entire network in multiple nodes.

I worked in an NHS trust a while back. My experience was that the front-end systems accessed by 98% of people were all very effectively secured, monitored and audited, with good training/threats in place.

On the other hand the back-end systems were far too open to anybody with access, and with the way data was processed - effectively un-auditable. Security in that aspect relied more on trust, judgement and good-will. It scared me a little too.

Thank goodness Corbyn is not planning to nationalise the airlines. You'd be heading towards Heathrow and a message would pop up telling the pilot he had to send $5000 before he could lower the wheels.

I wonder if they thought to have proper backups? Difficult to have much confidence in public sector IT.

If I had a hospital appointment I think I'd cancel it. Might go there regarding a fracture and find my appendix had been removed. Or they might even cut me up looking for my uterus.

Maybe, if we go into hospital, we should take our own laptops for record keeping.

If your still using XP then expect nothing less

FTFY.

qh

The only time I ever worked on the NHS it was still called the DHSS and it wasn't secure then ...