NHS ransomware crisis latest: Health Secretary sets deadline for NHS-wide IT fix

Hunt demands change, while accusations fly that warnings about possible danger of ending XP cover continue to fly

Posted 16 May 2017 by

Finally breaking his silence on the global WannaCry hack attack that has battered the NHS, Health Secretary Jeremy Hunt has given the NHS ten months to protect itself against further IT weakness.

He wants that done by NHS managers stripping out the remaining copies of older Windows operating systems that are now believed to be the main way the service was made vulnerable.

Hunt told the press that the NHS had made a “huge effort” to improve its IT resilience and committed to eliminate use of such devices by the end of March 2018.

He went on to claim that 18 months ago nearly one in five of all NHS devices were running on XP, a figure now cut to 4.7%,  meaning “real effort has been made” to close this back door.
He also claimed a new government contract means all unsupported systems have less than a year to be phased out.
However, no mention of either this remedial action or even the crisis itself can be found on the Department of Health website, as of this morning, at least.
Meanwhile, much debate on the causes of the relatively severe impact of the attack on the NHS was government unwillingness to spend money on helping the service get off XP, which has been officially unsupported by Microsoft for a number of years.
A special one-off annual £5.5m deal with Microsoft to provide ongoing security support for Windows XP was cancelled in May 2015, meaning individual Trusts had to pay extra for their own support if they wanted to carry on with the system.

Critics allege that this was short-sighted cost-cutting, forcing too many NHS bodies to choose between frontline services or back office IT work – with most choosing the former.

The news comes on the fifth day of the crisis, which as of yesterday was still affecting the health service, with a number of major NHS acute hospitals were forced into a fresh wave of cancellations of operations, appointments and other services on Monday.

These include The Royal London (Barts Health Trust), Broomfield Hospital (Mid Essex Trust) and Basingstoke and North Hampshire Hospital (Hampshire Hospitals FT).

Press reports suggest that GPs surgeries are having particular trouble coping, with many claimed to be “struggling” to offer appointments yesterday, with no access to booking systems or records as they attempted to protect operating systems from the virus.

We’ll continue to cover the crisis and its aftermath. Go here for the latest guidance on protecting your institution from the ransomware assault from the National Cyber Security Centre.