It is 2018 and the NHS is still counting the cost of WannaCry. Carry the 2, + aftermath... um... £92m

The UK's Department of Health and Social Care released a progress update this week on the hesitant efforts to deal with shonky NHS IT. First the bad news. The …

  1. hplasm
    Meh

    £150m deal was signed with Microsoft to update systems to Windows 10

    Ah! Goodmoney!- Badmoney went that way. Quickly now!

    1. bombastic bob Silver badge
      Linux

      Re: £150m deal was signed with Microsoft to update systems to Windows 10

      for THAT! MUCH! they could have RE!-WRITTEN! every windows-only application to RUN! ON! LINUX! and *THEN* switched EVERYTHING over to Linux, and would have had MONEY LEFT OVER afterwards.

      I base my opinions on actual history, like Ernie Ball's experience switching the entire company over to Linux in the early 2000s.

      1. The Pi Man

        Re: £150m deal was signed with Microsoft to update systems to Windows 10

        FUCK! RIGHT! OFF!

        Ernie Ball has about 250 employees. NHS England has about 1.4 MILLION employees, and a PLETHORA of devices like medical scanners that the NHS CANNOT develop applications to control.

        1. bombastic bob Silver badge
          Stop

          Re: £150m deal was signed with Microsoft to update systems to Windows 10

          "medical scanners that the NHS CANNOT develop applications to control"

          So you call up scanner company and say "How much do you need from us to build a Linux version, or fix the windows version to run reliably under Wine" ?

          *NO* business exec would turn down an opportunity like THAT one (unless he's a Micro-shaft paid shill)!

          It would cost LESS than porting the universe over to Win-10-nic just because of a small number of applications that "need windows" for some reason. There's still a cost involved. Not debating that.

          Also, keep in mind that this is public tax money paying for all of this (to the best of my knowledge anyway). NHS is proving itself to be a bureaucratic BLACK HOLE for funding, wasting all of that money on Win-10-nic instead of hiring more staff to serve patients better (or getting more equipment that has a high demand). But I guess I'd expect that from *ANYTHING* that's "gummint" run...

          So who's accountable for all of the WASTE, FRAUD, and ABUSE? [fingers pointing everywhere is not a good thing]

          1. wallaby

            Re: £150m deal was signed with Microsoft to update systems to Windows 10

            "So you call up scanner company and say "How much do you need from us to build a Linux version, or fix the windows version to run reliably under Wine" ?"

            You try getting a GPIB card to run under wine

      2. wallaby

        Re: £150m deal was signed with Microsoft to update systems to Windows 10

        "for THAT! MUCH! they could have RE!-WRITTEN! every windows-only application to RUN! ON! LINUX! and *THEN* switched EVERYTHING over to Linux, and would have had MONEY LEFT OVER afterwards."

        Bob, that much money wouldn't have made an ounce of difference.

        I work in a clinical environment, a lot of the laboratory instruments I support are old - but they still work.

        The majority of them are XP, with a smattering of Win7, Win10, W95, WFWG, W98, DOS

        To bring those up to modern standards would necessitate the purchase of brand new instruments, some costing northwards of £600K. The failure at the NHS IMHO was in not separating those devices with elderly OSes into VLANs and protecting them from the big wide world as we have done.

        It's not just the cost of buying the things, it's the qualification, training and everything else you need to add on to it as well.

        And an FYI - out of nearly 1000 instruments, only 1 is Linux and we keep that well away from our networks, oh, there's an android one too but we don't talk about that

        Actual history ....... not in a clinical environment.

        1. Anonymous Coward
          Anonymous Coward

          Re: £150m deal was signed with Microsoft to update systems to Windows 10

          "The failure at the NHS IMHO was in not separating those devices with elderly OSes into VLANs and protecting them from the big wide world as we have done."

          I'm former NHS IM&T (junior technical) management.

          Our trust was set up with old devices (AEDs, elderly MRI scanners etc) on VLANs.

          I also know others weren't. One of the big problems with "The NHS" is that people persist in thinking "The NHS is one entity" despite each trust being operationally independent and having its own independent IT department. Having worked for "The NHS" I would opine that there is no such thing as "The NHS". It's a billing structure and a franchise, not an organization as people think it is.

          This is a list of trusts:-

          https://en.wikipedia.org/wiki/List_of_NHS_trusts

          Many of those trusts (eg, individual hospitals) are operationally independent but are simply too small to be. The county level IM&T department I worked with had more 3rd line staff than many of the hospitals had IT staff in total and it shows. The map of infections from WannaCry was a good indicator of which trusts had effective IT departments, with the effective IT departments having no infections.

          1. Alan Brown Silver badge

            Re: £150m deal was signed with Microsoft to update systems to Windows 10

            "...people persist in thinking "The NHS is one entity" despite each trust being operationally independent and having its own independent IT department...."

            It's usually far worse than that. If you think there's only ONE independent IT department in a trust then you have a wakeup call coming, and several more if you think they're actually run by people who know what they're doing. Guerilla IT is a very real thing, as are managers who know nothing about complex network structures and think that everything runs on desktops.

            Even when there are people who actually know how to manage the IT side, the politics of getting anything done without the flamethrower of pending criminal charges playing across certain people's feet makes swimming in treacle look like a pleasurable alternative.

            I know of health trusts which have managed to get things right - usually by having IT report directly to the CEO and giving them the power to give orders to senior medics when needed, instead of the other way around.

      3. ReggiePerrin

        Re: £150m deal was signed with Microsoft to update systems to Windows 10

        Bob; You really know f*ck all about this don't you? I wouldn't have been surprised if you were involved in the failed National Programme for IT (NPfIT) when a bunch of sales d*cks convinced the government they could create single clinical systems for the entire NHS... that worked out well didn't it and it's cost a hell of a lot more than £150m and produced very very little.

        £150m would have done nothing. If we just look at all the software out there running medical equipment, re-writing all the software would have meant the equipment itself would have to go thru all the safety checking (i.e. FDA). How much will that cost? How long will that take?

        Also how many companies do you think have software actively used in the NHS right now? I've worked in 3 different hospital Trusts... each one had at least 100 different applications actively used. A few were the same, but a shocking number were not. That's just general hospitals, I haven't worked in primary care (GP land) and never touched mental health. Then there are the ambulance trusts. God and the companies involved, ranging from massive multinationals to Jon in his shed (quite literally) who can't seem to understand why we don't really want to be using Access XP based solutions anymore.

        Do you also think that all these companies are just going to stop developing their systems and do a complete, from the ground, re-write? Some of these systems have evolved over decades. How long do you think that's going to take? They'll be rubbing their hands at the cost of this... you think it's bad with Microsoft now? Times that by a thousand greedy Sales execs adding a 500% margin because hell you ain't got no choice have you. You've bought the product, not like anyone else can re-write it.

        Then there is the training... there's over a million NHS employees. How much is re-training going to cost? Each one of those will use some sort of IT to a greater or lesser degree. Some of these people go off sick because of stress when you change the desktop wallpaper... let alone change the application and the OS.

        You tit.

      4. RyokuMas
        Facepalm

        Re: £150m deal was signed with Microsoft to update systems to Windows 10

        "I base my opinions on actual history..."

        ... because that worked sooooo well in Germany

        "would be FAR LESS than the HUNDREDS OF MILLIONS spent on moving to Win-10-nic"

        To quote from the above link: "From what I've been able to glean, thanks to Google's translation facility, the problems that have been stated fall into three categories: hardware support, interoperability and training and user adoption."

      5. steviebuk Silver badge

        Re: £150m deal was signed with Microsoft to update systems to Windows 10

        Talk to the Council in the US that switched to Linux. I like Linux but they dumped it after a few years because of the cost of training etc.

  2. Geoff May (no relation)

    Correct me if I'm wrong ...

    ... but didn't the NHS decide to outsource their IT to save money?

    If my memory isn't failing me, that was a good deal, wasn't it.

    1. Juillen 1

      Re: Correct me if I'm wrong ...

      Some places "outsourced" by spinning off their IT departments as independent organisations "affiliated" with the NHS, and with their original Trust being initially their sole client. It apparently made a saving on the books (though tanked morale, productivity and incentive to stay doing the job).

      Lots of places dug the heels in and are refusing to do it.

    2. steviebuk Silver badge

      Re: Correct me if I'm wrong ...

      No. Some trusts did, most didn't. SPT went with crapita and now regret it.

  3. Anonymous Coward
    Anonymous Coward

    Why has the NHS lost any money? They bought a product and it was inherently faulty, any losses should be paid by the company responsible for selling said faulty product

    1. Juillen 1

      Kinda like sending your car back to the manufacturers saying it was faulty because someone broke the back window and nicked all your stuff from it and spread manure on every surface.

      1. Anonymous Coward
        Anonymous Coward

        >Kinda like sending your car back to the manufacturers saying it was faulty because someone broke the back window and nicked all your stuff from it and spread manure on every surface.

        Or perhaps more like those stupid keyless entry systems that were fingered as being defective by design security since their inception which can be easily circumvented by a MIM attack but they just kept on making them even though they knew it.

  4. Anonymous Coward
    Anonymous Coward

    Envy of the world...

    ...etc, etc.

    1. Anonymous Coward
      Anonymous Coward

      Re: Envy of the world...

      ...but nobody said that world was actually the cranky cave barbarian world of the radioactive galactic core, Suxtobeehere IV

    2. Juillen 1

      Re: Envy of the world...

      Rest of the world's hospitals got hit by this too.

  5. Jay Lenovo
    Holmes

    5th Ave Healthcare

    It's almost like digital record systems are faster but continually cost a lot of money.

  6. Anonymous Coward
    Anonymous Coward

    Well, the good news for the NHS is...

    That it is pretty much the only game in town in the UK, unless you are at least upper middle class.

    So I guess they didn't lose many patients over the Wannacry debacle.

  7. Anonymous Coward
    Anonymous Coward

    The way I see it...

    80% of the cleanup costs should be billed to the NSA and the other 20% to Microsoft for the always enabled SMB that the spooks' kit exploited.

  8. sanmigueelbeer

    estimate of £73m of IT cost in the immediate aftermath to actually fix stuff that got broken.

    So which coffer did this money come out of?

    1. Dan White

      £73 million? Pah, that's only about a fifth of the money that the NHS is going to get back in a week thanks to Brexit.

      Oh, wait. That was bollocks wasn't it...

    2. phuzz Silver badge

      Duh, out of our £350M/week brexit dividend of course.

  9. Joseba4242

    Being insecure cost £92m. Becoming (reasonably) secure would cost £800m. Any surprises that it doesn't happen?

  10. Anonymous Coward
    Linux

    NHS upgrades antiquated IT systems to Windows 10?

    The WannaCry attack back in 2017 cost the NHS £92m

    Why not pass the costs back onto the software provider?

    the attack made the NHS finally bite the bullet and upgrade its antiquated IT systems. A three-year, £150m deal was signed with Microsoft to update systems to Windows 10

    That sentence fails the logic test.

    with staff gleefully downloading malware and opening phishing emails, according to the report, it sounds as though some training would not go amiss either.

    Blame the staff for the crapware :]

    By 2021, more than £250m is expected to be spent on top of the Windows cash.

    A Linux solution running off a read-only device with a hardware dongle for authentication would provide the solution for a fraction of the cost.

    1. steviebuk Silver badge

      Re: NHS upgrades antiquated IT systems to Windows 10?

      Then the millions required for training and development of applications that will run off those Linux systems.

      1. Will Godfrey Silver badge
        Unhappy

        Re: NHS upgrades antiquated IT systems to Windows 10?

        If a software developer requires training to code for Linux they should move to a more appropriate career - manure transport maybe?

        If the apps are configured to be ergonomic and intuitive there would be little need for training - certainly less than what's needed every time Microsoft has another clever stupid idea.

        1. Pascal Monett Silver badge
          Coat

          So the solution is to redesign all the software for Linux

          Including all machine interfaces, all MRI machines, all everything.

          Simples ! Won't cost a thing, for sure.

          1. Richard 12 Silver badge

            Re: So the solution is to redesign all the software for Linux

            Why would it affect the MRI machines etc?

            They aren't being "upgraded" to Win10 either, because they are industrial machines that come with a magical mystery box to control them that runs whatever it runs.

            In some cases that's WinXP Embedded, in others it's Linux, in others it might even be DOS.

        2. Alan Brown Silver badge

          Re: NHS upgrades antiquated IT systems to Windows 10?

          "If the apps are configured to be ergonomic and intuitive"

          That'd be a first. 90% of apps and programs are ergonomic disasters.

      2. bombastic bob Silver badge
        Linux

        Re: NHS upgrades antiquated IT systems to Windows 10?

        "Then the millions required for training and development of applications that will run off those Linux systems"

        would be FAR LESS than the HUNDREDS OF MILLIONS spent on moving to Win-10-nic (see my earlier post, near the top)

        1. Dan White
          FAIL

          Re: NHS upgrades antiquated IT systems to Windows 10?

          Bob, just stop. You're embarrassing yourself now...

      3. steviebuk Silver badge

        Re: NHS upgrades antiquated IT systems to Windows 10?

        Don't get me wrong. I like Linux but some distros aren't user friendly and would require training. Then having to code apps for it.

        The Reg needs an edit button.

  11. Anonymous Coward
    Anonymous Coward

    It will all be fixed next March

    Enough with this moaning and doing down of the NHS!

    When the first installments of the £350Mil start getting paid into the NHS all these minor IT problems will go away.

    Making Britain Great Again!

  12. Anonymous Coward
    Anonymous Coward

    Completing the plot

    So this story seems to complete the suspicions that it was in fact MS who released this attack code which UNINTENTIONALLY hit NHS. The timeline shows it:

    Feb2017: Vulnerability and leak of those nasty tools was reported.

    May2017: Patch was released by MS

    Jun2017: Patch for XP (which was an already unsupported OS at that time) was released

    Aug2017: Marcus Hutchins, guy who created a patch to stop WannaCry was jailed during DefCon.

    end result: £150m cash for MS with this Win10 upgrade.

  13. T 7

    Ah yes. NHS IT. Every April I get sent a 'secure message' from an external email address that asks me to open the html attachment to read the message. The thing is, it's genuine. So our IT department says - sure go ahead. Then we wonder why people open html attachments and spread malware.

    <facepalm />

  14. crotach

    Pretty soon you'll have £350m extra per week to fund NHS, so nothing to worry about here folks, carry on.

  15. 0laf
    Holmes

    I'm not surprised this is costing a fortune. Money was cut from most of the public sector and basic maintenance was an easy thing to stop. Since they'd never had a problem there was no problem. Patching just causes downtime doesn't it?

    It'll have left them with a massive pile of catch-up actions and no staff to do it since they'd all been paid off

    I wonder if the NHS will be getting ongoing money to do maintenance on an ongoing basis or if we'll be back here in 5yr since they'll patch all the wannacry stuff then stop thinking the job is done?

  16. adam payne

    A three-year, £150m deal was signed with Microsoft to update systems to Windows 10

    I hope they are turning the slurpage off.

    is that meeting the standard would cost the NHS between £800m and £1bn, and NHS Digital believes this "would not be value for money"

    Surely anything that makes you think about security and forces you to put certain measures in place is worth the cost?
