Discussing UK law. Links: swarb.co.uk | law-index | Acts | Members Image galleries

NHS software attack

A place to sit about and chat between more important things.

NHS software attack

Postby dls » Sat May 13, 2017 5:15 am

Am I right that the organisations who do not employ security staff have their computers updated automatically and have therefore missed this, but that those large organisations which do employ security staff, who disable automatic software updates, have left the systems open to attack when they do not keep up to date?
David Swarbrick (Admin) dswarb@gmail.com - 0795 457 9992
User avatar
dls
Site Admin
 
Posts: 12192
Joined: Thu Nov 01, 2012 1:35 pm
Location: Brighouse, West Yorkshire

Re: NHS software attack

Postby diy » Sat May 13, 2017 6:38 am

Pretty much.

But large organisations cannot risk the disruption automatic updates cause. With any luck their IT team should just be able to reclone the end devices pretty quickly. I don't really get why it has impacted the NHS so much, unless their IT is so disconnected.

Basic rules of any critical infrastructure: No single vendor strategies, no single point of build or failure. That would have saved them. But it costs more.
My suggestions are not legal advice
User avatar
diy
 
Posts: 2573
Joined: Fri Nov 02, 2012 10:06 pm

Re: NHS software attack

Postby shootist » Sat May 13, 2017 7:42 am

The thought occurs that if the NHS have been so victimised, why haven't other organisations like for instance the police, assuming they haven't been or are just keeping quiet about it.
"I do not agree with what you say, but I'll defend to the death my right to be offended by it."
User avatar
shootist
 
Posts: 3536
Joined: Sat Aug 10, 2013 9:40 pm

Re: NHS software attack

Postby atticus » Sat May 13, 2017 7:47 am

But many other organisations in many countries have been on the receiving end of this malware attack. Are you not listening to the news?

Today right now reports 100 + countries. FedEx has been hit. It seems the particular malware was developed by the US NSA and obtained by hackers.
User avatar
atticus
 
Posts: 19699
Joined: Sun Nov 11, 2012 2:27 pm
Location: E&W

Re: NHS software attack

Postby atticus » Sat May 13, 2017 8:03 am

an interesting blog on this attack. The web is full of others.
User avatar
atticus
 
Posts: 19699
Joined: Sun Nov 11, 2012 2:27 pm
Location: E&W

Re: NHS software attack

Postby Hairyloon » Sat May 13, 2017 8:40 am

Reports suggest that 90% of NHS trusts still use Windows XP, for which updates were discontinued some years ago.

I was wondering about this: isn't an attack on the fundamental infrastructure of a nation an act of war or some-such?
Take me to your lizard...
User avatar
Hairyloon
 
Posts: 10011
Joined: Thu Nov 01, 2012 3:12 pm
Location: From there to here and here to there... Funny things are everywhere.

Re: NHS software attack

Postby Smouldering Stoat » Sat May 13, 2017 8:58 am

Possibly, if it were carried out in the right circumstances. But these don't appear to be those circumstances.

Apparently the Government had a contract with Microsoft to continue to provide patches to Windows XP after support had been ended, but didn't renew it in May 2015. It's OK, though, because the NHS will soon have £350m extra a week to pay for these sorts of things.
Smouldering Stoat
 
Posts: 6293
Joined: Thu Nov 01, 2012 6:31 pm
Location: Near the Creek.

Re: NHS software attack

Postby Smouldering Stoat » Sat May 13, 2017 9:02 am

Incidentally, this is fascinating.
Smouldering Stoat
 
Posts: 6293
Joined: Thu Nov 01, 2012 6:31 pm
Location: Near the Creek.

Re: NHS software attack

Postby Hairyloon » Sat May 13, 2017 9:26 am

Take me to your lizard...
User avatar
Hairyloon
 
Posts: 10011
Joined: Thu Nov 01, 2012 3:12 pm
Location: From there to here and here to there... Funny things are everywhere.

Re: NHS software attack

Postby Hairyloon » Sat May 13, 2017 9:31 am

Smouldering Stoat wrote:Apparently the Government had a contract with Microsoft to continue to provide patches to Windows XP after support had been ended, but didn't renew it in May 2015. It's OK, though, because the NHS will soon have £350m extra a week to pay for these sorts of things.


Remind me why the taxpayer is still paying for obsolete software when perfectly good free software is readily available.

Wait a mo. May 2015: was that just after the election?
Take me to your lizard...
User avatar
Hairyloon
 
Posts: 10011
Joined: Thu Nov 01, 2012 3:12 pm
Location: From there to here and here to there... Funny things are everywhere.

Next

Return to The Robing Room

Who is online

Users browsing this forum: No registered users and 1 guest