This week a cyber attack affected hospitals across the NHS. My hospital, which is largely paperless, told staff to turn off Windows XP computers as a precaution. Across the country, care was delayed, some minor operations were cancelled, patient data was rendered unavailable and appointments postponed.
The NHS has been at risk of this kind of cyber attack for two years. Many NHS computers still run on Windows XP, which stopped receiving security updates in September 2013. The government paid £5.5 million to Microsoft to extend support for public sector systems, buying the time needed to purchase computers capable of running more recent operating systems, but this arrangement ended in May 2015.
The government could have done one of two things: bought more time from Microsoft, or updated the systems. They did neither and left patient data and patient care vulnerable to attack.
Staff in hospitals are well aware of the substandard quality of our IT. The day after the attack BMA junior doctors’ conference passed a motion calling for employers to ensure the tools we work with are fit for purpose. There will be a lot of focus on tracking down and prosecuting those who created the cyber attack, but the negligence that led to its success must also be criticised. Goodwill of the staff, whether doctors, health care assistants, or IT support workers, cannot hold up the NHS in the face of massive cuts.