
NHS hospitals across England hit by large-scale cyber-attack



nicko31

Well-known member
Jan 7, 2010
17,610
Gods country fortnightly
Windows is used in more than just traditional PCs.

Big problem in the NHS is things like MRI scanners that run Windows XP etc... and a lot of these manufacturers go bankrupt, out of business - so then what do you do?

For single application purposes anyone with a brain would deploy Windows XP Embedded in the first place.

WinXP for desktop use, they've had years to plan for this. Really no excuse
 




Leekbrookgull

Well-known member
Jul 14, 2005
16,253
Leek
Closer to home in a way, is it possible to cause this kind of disruption to, say, air traffic control, a major railway signalling centre, that kind of set-up, or is that a completely different system?
 


Yoda

English & European
For single application purposes anyone with a brain would deploy Windows XP Embedded in the first place.

WinXP for desktop use, they've had years to plan for this. Really no excuse

The biggest issue is trusts that still use old clinical applications on their desktops, where the 3rd party supplier has since gone bust so it no longer gets updated, but the trust is still prepared to use the software as they can't afford to go to a new company to get something more up to date. This then leads to said trust also putting back rollouts for newer versions of Windows as the software is no longer compatible.
 


Silk

New member
May 4, 2012
2,488
Uckfield
The biggest issue is trusts that still use old clinical applications on their desktops, where the 3rd party supplier has since gone bust so it no longer gets updated, but the trust is still prepared to use the software as they can't afford to go to a new company to get something more up to date. This then leads to said trust also putting back rollouts for newer versions of Windows as the software is no longer compatible.
This. If they are using XP, it's often because they have no choice. For a long time, the fact that certain systems would only work in IE6 held back upgrades for everybody.

 


Westdene Seagull

aka Cap'n Carl Firecrotch
NSC Patron
Oct 27, 2003
21,027
The arse end of Hangleton
Being a surprise shows that you really don't understand. XP is as robust as any other system run by Windows, so long as it is updated and patched. Microsoft have contracts to keep it stable. The problem here was caused by the NHS not updating patches since 2012. Paris airport still runs on 3.1 and they don't get problems. So understand before posting.

Of course the biggest problem being that MS stopped any support for XP in 2014.

No problem. Although since this is NSC, I'm not sure an apology is appropriate, perhaps you could just stick to your guns and we can argue about it for a day or two?
I can't say I know about deals of that size, but £65m doesn't seem great to me. It's not like the staff have a computer each, many will share, many are hardly on a computer for their job. Regardless though, it looks like some at the top have ****ed up royally.

£65m is a good deal. Microsoft licensing for corporate is far more complicated and costly than home licences. If the figure of £72 is correct and it includes application, server, OS and access licences, it is marvellous value for money.
 




Brighton Mod

Its All Too Beautiful
Slippery devil, aren't you? The only argument I have actually made is that this is a worldwide attack affecting 200 countries and many organisations, not just the NHS, and that therefore people should not be rushing to point the finger. Which part of that do you have a problem with?

The sentence you highlighted was not a fact-free assumption (like your argument), but a speculation (the clue is in the words "if it turns out"... IF).

Now, where are your facts proving NHS management responsibility again?

Would appear it's nothing to do with funding, but the failure of certain trusts to respond to a simple request to input a patch, given to them free, on to their system. A management failure that has cost the NHS millions of pounds, would appear symptomatic of how money is drained from the public purse by inept management in the NHS.
 


Billy the Fish

Technocrat
Oct 18, 2005
17,500
Haywards Heath
Would appear it's nothing to do with funding, but the failure of certain trusts to respond to a simple request to input a patch, given to them free, on to their system. A management failure that has cost the NHS millions of pounds, would appear symptomatic of how money is drained from the public purse by inept management in the NHS.

This is the crux of it for me; rolling out Windows updates is a basic admin task.
 


Silk

New member
May 4, 2012
2,488
Uckfield
Would appear it's nothing to do with funding, but the failure of certain trusts to respond to a simple request to input a patch, given to them free, on to their system. A management failure that has cost the NHS millions of pounds, would appear symptomatic of how money is drained from the public purse by inept management in the NHS.
I think if you read this article, you might find it enlightening. There are many factors at play.

http://www.bbc.co.uk/news/technology-39915440

"Updating your computer if you're an individual is a piece of cake, but for a network the size of Britain's National Health Service? Tough - time-consuming, expensive and complex."

But no. According to you, it's easy.
 




beorhthelm

A. Virgo, Football Genius
Jul 21, 2003
35,313
I think if you read this article, you might find it enlightening. There are many factors at play.

http://www.bbc.co.uk/news/technology-39915440

"Updating your computer if you're an individual is a piece of cake, but for a network the size of Britain's National Health Service? Tough - time-consuming, expensive and complex."

But no. According to you, it's easy.

you're not seriously accepting that deflection from Microsoft, "it's all NSA fault for not telling us bugs"? trouble is it's now known that MS had the bug fixes for the vulnerability used back in Feb and released them to supported platforms (and paid XP support) in March before the NSA leak in April. they could refrain from a business model to force upgrades too, so much for putting security first. as for the ease of fixing, NHS could be running SCCM to deploy patches automatically, and auto-updating anti-virus which would have quarantined malware payloads even on vulnerable unpatched machines.
 


Marshy

Well-known member
Jul 6, 2003
19,725
FRUIT OF THE BLOOM
You really need to work in the NHS to understand its complexities, the legacy IT systems that are still in use and the SUPPLIERS of them. It's not quite as easy as saying why are some PCs still running XP or use SCCM to deploy patches. Sure, things could be done better in the NHS like most organisations, but it's certainly not through lack of trying by IT depts to get more up to date. I would say 98% of PCs in BSUH are Win7 or above and moving to Windows 10 is on the horizon.
We thankfully were not hit by this attack and have taken further action to assure we are safe.
This is not just an NHS issue, please do not forget that.
 


Shropshire Seagull

Well-known member
Nov 5, 2004
8,509
Telford
I think if you read this article, you might find it enlightening. There are many factors at play.

http://www.bbc.co.uk/news/technology-39915440

"Updating your computer if you're an individual is a piece of cake, but for a network the size of Britain's National Health Service? Tough - time-consuming, expensive and complex."

But no. According to you, it's easy.

At HMRC we have circa 86,000 end clients [laptops, desktops, tablets, whatever] - I've no idea how this compares in quantity to the NHS - but it's still pretty large scale.
We are in mid project, moving everyone to Win 10 - not aware of any XP, but there is bound to be the odd one or two kicking around somewhere.
All Win 10 machines are patched with the regular Tuesday patch releases from Microsoft.

What I think may have happened, is that all major government departments receive an IT budget, but it's up to each how they choose to spend it. And if some think along the lines of "if my XP ain't broke, don't fix it" there was a lessons learnt of epic proportions last weekend.
 




Buzzer

Languidly Clinical
Oct 1, 2006
26,121
The NHS is a public sector organisation, therefore yes, the government bears some responsibility if there has been an inability to invest in up to date equipment. You can tell they bear some responsibility from the way they have immediately started dodging it. The media are still labelling it "NHS cyber attack", even though it is well known to be a global attack. Another excuse to bash the NHS.

I don't think anyone should bash the NHS but I think it's fair game to point the finger at individual trust IT departments. This is routine stuff. The size and complexity of an NHS trust is no excuse for basic security admin.
 


beorhthelm

A. Virgo, Football Genius
Jul 21, 2003
35,313
You really need to work in the NHS to understand its complexities, the legacy IT systems that are still in use and the SUPPLIERS of them. It's not quite as easy as saying why are some PCs still running XP or use SCCM to deploy patches. Sure, things could be done better in the NHS like most organisations, but it's certainly not through lack of trying by IT depts to get more up to date. I would say 98% of PCs in BSUH are Win7 or above and moving to Windows 10 is on the horizon.
We thankfully were not hit by this attack and have taken further action to assure we are safe.
This is not just an NHS issue, please do not forget that.

you're at a trust that has got some grip on things, which highlights the shortcomings of others. fair enough it's complex, that doesn't really wash as there's plenty of large complex organisations (oh the fun I hear of auditing the number of users). it's just this idea that the solutions aren't there. I wince when I hear the excuses that old equipment is running XP and vendor is gone (so who is providing hardware maintenance and support), or the need to run IE6 applications when you can virtualise those terminals. the solutions exist, it's down to prioritisation and implementation. and training Linda not to open email attachments from ted@companyneverheardof.com.
 






Trevor

In my Fifties, still know nothing
NSC Patron
Dec 16, 2012
2,169
Milton Keynes
I don't think anyone should bash the NHS but I think it's fair game to point the finger at individual trust IT departments. This is routine stuff. The size and complexity of an NHS trust is no excuse for basic security admin.
Yes, I work for the NHS - we are in pre-election purdah so I should be careful not to express an opinion that favours one party over another (and I don't think I am)

I completely agree with you in general terms. However, I seriously think that IT should be centrally managed such that decision making is taken away from the individual NHS bodies - many of whom are simply not well-placed to make responsible considered decisions.
 


Buzzer

Languidly Clinical
Oct 1, 2006
26,121
Yes, I work for the NHS - we are in pre-election purdah so I should be careful not to express an opinion that favours one party over another (and I don't think I am)

I completely agree with you in general terms. However, I seriously think that IT should be centrally managed such that decision making is taken away from the individual NHS bodies - many of whom are simply not well-placed to make responsible considered decisions.

I cede to your better knowledge here and you've convinced me. It is worrying that considering access to patient records etc should be available to all NHS trusts there should therefore be an integrated IT policy.
 


thbjenkins

Active member
Mar 12, 2014
154
Lancing
Most of your confidential medical records are probably out there by now for all to see! Or will be soon after the pastebin leaks

Chances are that actually it's the complete opposite. All primary care clinical systems are hosted and the information stored in secure data banks, with backup data banks for the information to be moved to in the event of an attack.
 


bWize

Well-known member
Nov 6, 2007
1,685
Chances are that actually it's the complete opposite. All primary care clinical systems are hosted and the information stored in secure data banks, with backup data banks for the information to be moved to in the event of an attack.

If the client workstation is compromised then the attacker could have easily pulled any information from the primary servers via the infected workstation and then downloaded it. It's highly likely there was a backdoor allowing the attacker full privileges to the infected workstations (which in turn have rights to access the primary servers to look up patient health records etc).
 




dadams2k11

ID10T Error
Jun 24, 2011
4,948
Brighton
If the client workstation is compromised then the attacker could have easily pulled any information from the primary servers via the infected workstation and then downloaded it. It's highly likely there was a backdoor allowing the attacker full privileges to the infected workstations (which in turn have rights to access the primary servers to look up patient health records etc).
No! They would still need Admin username and password to access stuff on the server. Not just any Tom, Dick or Harry can access the info. That's why we set up security groups and add users to the group to be able to access the information.
 


bWize

Well-known member
Nov 6, 2007
1,685
No! They would still need Admin username and password to access stuff on the server. Not just any Tom, Dick or Harry can access the info. That's why we set up security groups and add users to the group to be able to access the information.

Yes, but if the system is backdoored then keylogging to gain Admin User/Pass or even using a MITM attack would be fairly trivial for the attacker. Security user groups are not going to help if the machine being used by persons with high level access is compromised.
 