The green padlock shows patients you’re safe By Zac Fine. May 17, 2017.
Cyber attacks are one of the special blights of our era. We all keep getting hit: individuals, multinationals and everyone in between. We accept this, and we like watching thrillers about it (try the series Mr Robot, it’s very good). And so it’s not terribly surprising when the next attack happens.
On Friday the NHS was hit by a piece of ransomware that blocked access to files and demanded payments to restore it. Even though the NHS was able to say it was in good company, with German railways, Spanish telecoms, Chinese universities and the Russian government among its fellow victims, it had to admit it’s been doing some silly things with its IT.
Let’s put aside the £13bn it wasted on an aborted patient record system, described by parliament’s Public Accounts Committee as “one of the worst and most expensive contracting fiascos in the history of the public sector”. That’s water under the bridge.
This cock up was of an entirely new order: parts of the NHS were still being run using the old operating system Windows XP, which Microsoft no longer updates. Every 12-year-old knows not to do this with their school laptop, so it’s difficult to imagine that large numbers of people weren’t expecting something like Friday’s nightmare of cancelled treatments and diverted patient care.
In fact, there is evidence to prove they were. The government warned NHS Trusts in 2014 to move away from XP as quickly as possible, and one day before the attack Dr Krishna Chinthapalli, a registrar in London, warned in a British Medical Journal article that some hospitals “will almost certainly be shut down by ransomware this year”.
It seems NHS managers wanted proof of just how bad things could get before they would be roused to action. Sure enough, they began upgrading their dodgy computer systems over the weekend. After the damage had been done.
The NHS was always going to have to do this work, doing it in a rush will simply cost taxpayers more. Doing it under the scrutiny of journalists, MPs and taxpayers will be more difficult. And damaging trust in the NHS will make life that bit harder for everyone who works in it.
Cost and trust feature somewhere in every cyber attack. The cost goes up for an organisation when it has to firefight via huge emergency consultancy and IT support bills. Customer trust goes down when an organisation is seen to be out of its depth on IT. While the public knows hacking is a problem, it also knows reasonable investment in IT security can keep you out of trouble. It’s a matter of priority.
The message the public was given last weekend is that the NHS doesn’t think being able to do its job is a priority. Quite an extraordinary, even masochistic approach to running a national health service. I know the NHS has its problems, but perhaps we can learn from its mistakes. You may have seen a green padlock in your URL browser of late. It’s to do with security. Websites that don’t have the green padlock show users a warning advising them that the site is not secure. To get the green padlock you have to upgrade to a HTTPS website, which costs £80 to £500 depending on your current website.
Communication between users and HTTPS websites are encrypted so that even if hackers break into the site they can’t access personal and financial data. This is now de rigueur for dental practices. Send us a note if you haven’t yet converted your site and we’ll sort it for you.
“Every 12-year-old knows not to do this, but not the NHS”
Zac Fine, content director