£150m deal was signed with Microsoft to update systems to Windows 10
Ah! Goodmoney!- Badmoney went that way. Quickly now!
The UK's Department of Health and Social Care released a progress update this week on the hesitant efforts to deal with shonky NHS IT. First the bad news. The …
for THAT! MUCH! they could have RE!-WRITTEN! every windows-only application to RUN! ON! LINUX! and *THEN* switched EVERYTHING over to Linux, and would have had MONEY LEFT OVER afterwards.
I base my opinions on actual history, like Ernie Ball's experience switching the entire company over to Linux in the early 2000's.
"medical scanners that the NHS CANNOT develop applications to control"
So you call up scanner company and say "How much do you need from us to build a Linux version, or fix the windows version to run reliably under Wine" ?
*NO* business exec would turn down an opportunity like THAT one (unless he's a Micro-shaft paid shill)!
It would cost LESS than porting the universe over to Win-10-nic just because of a small number of applications that "need windows" for some reason. There's still a cost involved. Not debating that.
Also, keep in mind that this is public tax money paying for all of this (to the best of my knowledge anyway). NHS is proving itself to be a bureaucratic BLACK HOLE for funding, wasting all of that money on Win-10-nic instead of hiring more staff to serve patients better (or getting more equipment that has a high demand). But I guess I'd expect that from *ANYTHING* that's "gummint" run...
So who's accountable for all of the WASTE, FRAUD, and ABUSE? [fingers pointing everywhere is not a good thing]
"for THAT! MUCH! they could have RE!-WRITTEN! every windows-only application to RUN! ON! LINUX! and *THEN* switched EVERYTHING over to Linux, and would have had MONEY LEFT OVER afterwards."
Bob, that much money wouldn't have made an ounce of difference.
I work in a clinical environment, a lot of the laboratory instruments I support are old - but they still work.
The majority of them are XP, with a smattering of Win7, Win10, W95, WFWG, W98, DOS
To bring those up to modern standards would necessitate the purchase of brand new instruments, some costing northwards of £600K. The failure at the NHS IMHO was in not separating those devices with elderly OSes into VLANs and protecting them from the big wide world as we have done.
It's not just the cost of buying the things, it's the qualification, training and everything else you need to add on to it as well.
And an FYI - out of nearly 1000 instruments, only 1 is Linux and we keep that well away from our networks. Oh, there's an Android one too but we don't talk about that.
Actual history ....... not in a clinical environment.
The failure at the NHS IMHO was in not separating those devices with elderly OSes into VLANs and protecting them from the big wide world as we have done.
I'm former NHS IM&T (junior technical) management.
Our trust was set up with old devices (AEDs, elderly MRI scanners etc) on VLANs.
I also know others weren't. One of the big problems with "The NHS" is that people persist in thinking "The NHS is one entity" despite each trust being operationally independent and having its own independent IT department. Having worked for "The NHS" I would opine that there is no such thing as "The NHS". It's a billing structure and a franchise, not an organization as people think it is.
This is a list of trusts:-
https://en.wikipedia.org/wiki/List_of_NHS_trusts
Many of those trusts (eg, individual hospitals) are operationally independent but are simply too small to be. The county level IM&T department I worked with had more 3rd line staff than many of the hospitals had IT staff in total and it shows. The map of infections from WannaCry was a good indicator of which trusts had effective IT departments, with the effective IT departments having no infections.
"...people persist in thinking "The NHS is one entity" despite each trust being operationally independent and having its own independent IT department...."
It's usually far worse than that. If you think there's only ONE independent IT department in a trust then you have a wakeup call coming, and several more if you think they're actually run by people who know what they're doing. Guerilla IT is a very real thing, as are managers who know nothing about complex network structures and think that everything runs on desktops.
Even when there are people who actually know how to manage the IT side, the politics of getting anything done without the flamethrower of pending criminal charges playing across certain people's feet makes swimming in treacle look like a pleasurable alternative.
I know of health trusts which have managed to get things right - usually by having IT report directly to the CEO and giving them the power to give orders to senior medics when needed, instead of the other way around.
Bob; You really know f*ck all about this, don't you? I wouldn't have been surprised if you were involved in the failed National Programme for IT (NPfIT) when a bunch of sales d*cks convinced the government they could create single clinical systems for the entire NHS... that worked out well, didn't it, and it's cost a hell of a lot more than £150m and produced very very little.
£150m would have done nothing. If we just look at all the software out there running medical equipment, re-writing all the software would have meant the equipment itself would have to go thru all the safety checking (i.e. FDA). How much will that cost? How long will that take?
Also how many companies do you think have software actively used in the NHS right now? I've worked in 3 different hospital Trusts... each one had at least 100 different applications actively used. A few were the same, but a shocking number were not. That's just general hospitals, I haven't worked in primary care (GP land) and never touched mental health. Then there are the ambulance trusts. God, and the companies involved, ranging from massive multinationals to Jon in his shed (quite literally) who can't seem to understand why we don't really want to be using Access XP based solutions anymore.
Do you also think that all these companies are just going to stop developing their systems and do a complete, from the ground, re-write? Some of these systems have evolved over decades. How long do you think that's going to take? They'll be rubbing their hands at the cost of this... you think it's bad with Microsoft now? Times that by a thousand greedy Sales execs adding a 500% margin because hell you ain't got no choice have you. You've bought the product, not like anyone else can re-write it.
Then there is the training... there's over a million NHS employees. How much is re-training going to cost? Each one of those will use some sort of IT to a greater or lesser degree. Some of these people go off sick because of stress when you change the desktop wallpaper... let alone change the application and the OS.
You tit.
"I base my opinions on actual history..."
... because that worked sooooo well in Germany
"would be FAR LESS than the HUNDREDS OF MILLIONS spent on moving to Win-10-nic"
To quote from the above link: "From what I've been able to glean, thanks to Google's translation facility, the problems that have been stated fall into three categories: hardware support, interoperability and training and user adoption."
Some places "outsourced" by spinning off their IT departments as independent organisations "affiliated" with the NHS, and with their original Trust being initially their sole client. It apparently made a saving on the books (though tanked morale, productivity and incentive to stay doing the job).
Lots of places dug the heels in and are refusing to do it.
>Kinda like sending your car back to the manufacturers saying it was faulty because someone broke the back window and nicked all your stuff from it and spread manure on every surface.
Or perhaps more like those stupid keyless entry systems that were fingered as being defective by design security since their inception which can be easily circumvented by a MIM attack but they just kept on making them even though they knew it.
“The WannaCry attack back in 2017 cost the NHS £92m”
Why not pass the costs back onto the software provider?
“the attack made the NHS finally bite the bullet and upgrade its antiquated IT systems. A three-year, £150m deal was signed with Microsoft to update systems to Windows 10”
That sentence fails the logic test.
‘with staff gleefully downloading malware and opening phishing emails, according to the report, it sounds as though some training would not go amiss either.’
Blame the staff for the crapware :]
“By 2021, more than £250m is expected to be spent on top of the Windows cash”.
A Linux solution running off a read-only device with a hardware dongle for authentication would provide the solution for a fraction of the cost.
If a software developer requires training to code for Linux they should move to a more appropriate career - manure transport maybe?
If the apps are configured to be ergonomic and intuitive there would be little need for training - certainly less than what's needed every time Microsoft has another clever stupid idea.
Why would it affect the MRI machines etc?
They aren't being "upgraded" to Win10 either, because they are industrial machines that come with a magical mystery box to control them that runs whatever it runs.
In some cases that's WinXP Embedded, in others it's Linux, in others it might even be DOS.
So this story seems to complete the suspicions that it was in fact MS who released this attack code which UNINTENTIONALLY hit NHS. The timeline shows it:
Feb 2017: Vulnerability and leak of those nasty tools was reported.
May 2017: Patch was released by MS
Jun 2017: Patch for XP (which was an already unsupported OS at that time) was released
Aug 2017: Marcus Hutchins, guy who created a patch to stop WannaCry was jailed during DefCon.
End result: £150m cash for MS with this Win10 upgrade.
Ah yes. NHS IT. Every April I get sent a 'secure message' from an external email address that asks me to open the html attachment to read the message. The thing is, it's genuine. So our IT department says - sure go ahead. Then we wonder why people open html attachments and spread malware.
<facepalm />
I'm not surprised this is costing a fortune. Money was cut from most of the public sector and basic maintenance was an easy thing to stop. Since they'd never had a problem there was no problem. Patching just causes downtime doesn't it?
It'll have left them with a massive pile of catch-up actions and no staff to do it since they'd all been paid off.
I wonder if the NHS will be getting ongoing money to do maintenance on an ongoing basis or if we'll be back here in 5yr since they'll patch all the WannaCry stuff then stop, thinking the job is done?
A three-year, £150m deal was signed with Microsoft to update systems to Windows 10
I hope they are turning the slurpage off.
is that meeting the standard would cost the NHS between £800m and £1bn, and NHS Digital believes this "would not be value for money"
Surely anything that makes you think about security and forces you to put certain measures in place is worth the cost?