Reply to: NHS Cyber attack!

Like I said, I kid you not. I laughed the moment they mentioned the scanner. Obviously I don't want to be ignorant to security issues. I wonder if this is the official statement used by the trust.

This was a meeting asking for the latest status, a lot of patients got pushed back or had appointments cancelled, some were for scans and other serious matters.

I thought most viruses spread from NLyUK.

I know folk that can crash a computer just by looking at it.

P.S. I thought this might make a few people giggle.

So I heard from someone that was in a meeting with Barts that apparently the Malware spread to the whole of the trust from a "Scanner", I tulip you not. I work in IT but have never heard of that before, the last time I heard something completely idiotic was when a guy told me he got a virus from a printer cable.

Anyone that knows more could entertain us and validate this. Can you really get a virus from a Scanner? Maybe if they used a USB stick and connected it to it then from there accessed the files?

Maybe someone on here can provide a real example but I really do think that you would find it quite hard to find something else in the private sector if your CV says 10 years NHS Experience. You are 100% correct about the whole "special" thing in regards to NHS, FORD and Banking. Could be plenty more but those 3 are the ones I experienced myself.

Seriously? I get that NHS, Investment Banks etc think they are 'special' (they aren't), but the average private sector company wouldn't give a damn.

Part of the issue with updates and patching is that there is a lack of understanding on how to setup and how check if WSUS is working properly. And another part is that it may take weeks if not months to get a patch or update approved. Again this is down to the permie mentality. My attitude in urgent cases is send out an email to say that it is happening unless you reply with good reason why not.

The main point about NHS experience is that as a contractor you have a responsibility that one slip-up on data could result in death. Even a system down has resulted in vital information not being accessed by a doctor thus resulting if fatalities.

Seen this mentioned elsewhere. Do you have a reference for this?

For 'they' I meant Microsoft, but yes I suppose you are still correct.

It's even simpler than that, no need to click emails as the vulnerability in unpatched machines allows the malware through via the network, no user interaction required.

Great example of lateral thinking - Set a thief to catch a thief!

The only snag is the NHS would have to send a memo to all their staff saying "Just this once, you must click on the link in this dodgy looking email!"

No. It was the health minister at the time.

You forgot to mention that that the NHS is using XP machines with 14 inches monitors which are no longer supported by Microsoft and only supported by local IT teams. I believe (correct me if I am wrong) that the NHS did not want to pay Microsoft what they wanted in order to have XP machines supported. They mostly use antiquated computers except for giving iphones and ipads to every manager, many getting replaced 2 or 3 times in a matter of months.



Like I mentioned in my earlier post, each trust is slightly different but the bottom line is that they really are a closed club no matter what other say (read the contractoruk news post): http://www.contractoruk.com/news/001...again_nhs.html

You would be very very lucky to get an offer coming from outside the NHS sector. The hiring manager would have to be extremely open minded. Many many times you will end up interviewing for roles which have already been offered to NHS experienced contractors but they still have to conduct the interviews for the sake of following protocol.

I am not writing this because I did not get the role of implementing a clinical system for a London Trust on which I had specific training and experience only to be told not enough NHS experience. But because at the same time I also interviewed for another role at a South England Trust for a clinical system which was similar to the one I had experience on, and they did offer me the role even though I did not have enough NHS experience nor specific system experience. Funny thing is London Trust was paying a lot less than the one outside London. Unfortunately I had to turn it down as the commute would have been a killer.


The other issue is that once you contract in the NHS many private sector companies would not touch you with a barge-pole.

Labour knows how to fix it. Diane Abbott wants to upgrade to windows nine and three quarters.

There are two issues here.

The immediate one is that the IT departments of many NHS Trusts had not applied the available patches. This is negligence on a colossal scale & heads should roll.

The second more strategic issue is using general purpose Windows computers & mixing up essential clinical systems like X-ray, pathology, patient admin etc with email & web surfing. The core clinical systems should be isolated from the Internet & run on emdedded devices not prone to malware & viruses.

The whole mess is compounded by the fact that there is no NHS IT system just a fragmented Balkanised mish mash of systems in over 200 Trusts with no thought to strategic design or economies of scale.

They just need to change the malware code to send out the patch to all the machines that the malware could infect.