back to article WannaCrypt NHS victim Lanarkshire infected by malware again

One of the UK National Health Service boards hit by WannaCrypt earlier this year has again been infected by malware. The Lanarkshire board manages the Hairmyres Hospital, Monklands Hospital, and Wishaw General Hospital in Scotland, and on Friday had to warn patients that it was only handling emergency cases. Lanarkshire was …

  1. Anonymous Coward
    Anonymous Coward

    Underfunded or underskilled?

    Or out sourced?

    1. Mark 85

      Re: Underfunded or underskilled?

      Possibly all three?

      1. Chris G

        Re: Underfunded or underskilled?

        Probably all three, plus you can add to that, undermanaged.

        I suspect in terms of quality as hospital managers seem to outnumber doctors.

        1. Anonymous Coward
          Anonymous Coward

          Re: Underfunded or underskilled?

          Utter childish nonsense, they lost several managers especially in their IT area last year, not sure why the press isn't investigating that to be honest as I bet it's full of juicy gossip.

          Half a department management team doesn't leave unless there's panic setting in about something.

          1. Doctor Syntax Silver badge

            Re: Underfunded or underskilled?

            "they lost several managers especially in their IT area last year"

            So undermanaged applies.

        2. Nick Kew

          @Chris G

          Undermanaged is not a term I'd associate with the NHS.

          It's must be a strong candidate for the world's prime example of this management style.

          1. Commswonk

            Re: @Chris G

            It's must be a strong candidate for the world's prime example of this management style.

            Or this one: https://www.slideshare.net/apanitsch/the-management-rowing-race.

            I know it's getting on a bit but "many a true word is said in jest".

    2. Anonymous Coward
      Anonymous Coward

      Re: Underfunded or underskilled?

      Lost key staff last year (police involvement allegedly)

      Outsource part of the key infrastructure to companies that we all know and love.

      Run their own e-mail service, not the national NHSMail solution

      Lots of other guff that sounds like a poorly run service, especially when you consider they've had months to get this sorted and clearly haven't.

      Anyone else betting there's a lot of XP kicking about? Seems odd that this one would be affected when other scottish trusts aren't.

  2. Nolveys

    "Don't worry, this time we have a backup!"

    - Pops CDRW in drive.

    - Contains "backup.lnk" and nothing else.

    "...aaand the backup is my brother, who said he'd hire me to work at his plumbing company. Whelp, see ya."

    1. Anonymous Coward
      Anonymous Coward

      "- Contains "backup.lnk" and nothing else."

      So it's all good then?

      :-)

      1. 404

        It's 2KB*, of course it's all there!

        *Caps means it's big... (bwaahaha)

  3. John Smith 19 Gold badge
    Unhappy

    "Patient support" nice piece of social engineering.

    So probably a good idea to set a policy of disabling all programming languages that MS Office can run?

    As for what Lanarkshire have gotten, who knows?

    Hitting the phone and rostering systems sounds pretty esoteric

    1. Dan 55 Silver badge

      Re: "Patient support" nice piece of social engineering.

      As for what Lanarkshire have gotten, who knows?

      Probably a Petya variant, which spreads in more-or-less the same way.

    2. Paul Crawford Silver badge

      Re: "Patient support" nice piece of social engineering.

      "Hitting the phone and rostering systems sounds pretty esoteric"

      Not really and most probably they both are managed by, or depend upon databases in, Windows machines.

      Real question is what had (not) been done since WanaCry exposed unpatched machines and flat/open internal networks allowing havoc to ensue. I suspect that any Word macros uses that were not disabled by group policy are a symptom of the first ailment...

  4. Anonymous Coward
    Flame

    Utter Bastards

    Just what sort of total fucking scum bastards target a hospital? I can only hope that they die slowly, horribly and just for good measure, painfully.

    And where the fuck are the people at GHCQ when we need them? They seem perfectly capable of tracking everyone of us, so why can't they seem to track down the pond life bottom feeding twats that do this type of thing?

    Please don't tell me that people shouldn't open this type of what I assume was an attachment to an email. If I worked as a doctor, nurse or in patient records, for example, I can't put my hand on my heart and say that I would not open an attachment called "patient report". Can anyone?

    Ok. Rant over.

    Cheers… Ishy

    1. pleb

      Re: Utter Bastards

      Actually, if it were targetted at hospitals, I'd almost think that was better. Some grievance against the medical community in the mind of an inadequate kiddie, lashes out in revenge.

      But in fact it's probably totally indiscriminate, fire off at random in the mall, see what happens just for kicks kind of mentality. Oh, I hit a hospital, lol.

      1. katrinab Silver badge

        Re: Utter Bastards

        If the payload is named patientreport.docm or patientreport.doc.exe then it is clearly targeted at medical facilities.

        1. pleb

          Re: Utter Bastards

          Oh yes. I must have skipped the last paragraph!

    2. Adam 1

      Re: Utter Bastards

      > And where the fuck are the people at GHCQ when we need them?

      Er, 'bout that. Maybe you don't want to look at where the Wannacry miscreants stole that exploit from. I'm sure GCHQ would love to give them a stern talking to, just as soon as they finish handing over all the security researchers who have been assisting in other investigations.

      1. Anonymous Coward
        Anonymous Coward

        Re: Utter Bastards

        @Adam1

        As I understand it wannacry was stolen from the NSA. Though I may be wrong. And I am most certainly not suggesting that GHCQ are a set of goody two shoes.I should imagine that they are as bad as the NSA but haven't been caught out yet.

        Cheers… Ishy

    3. Anonymous Coward
      Anonymous Coward

      Re: Utter Bastards

      >Please don't tell me that people shouldn't open this type of what I assume was an attachment to an email.

      You should open whatever arrives in your inbox within a corporate environment without a care - any IT bod or system which relies on you to do otherwise is not fit for purpose.

  5. M7S
    Black Helicopters

    "Who you gonna call?"

    Oh, bail conditions, sorry.

    1. Anonymous Coward
      Anonymous Coward

      Shhhh!

      Or someone will thing it's a good idea charging him of this too to hide some well paid executive fault...

  6. nickx89

    Failing to do so.

    NHS is consistently failing to address the cyber security issue the hospitals face. It should be the first on their priority list.

    1. Anonymous Coward
      Anonymous Coward

      Re: Failing to do so.

      They will be well aware of the issues but a combination of legacy kit that can't just be upgraded (Scanners running XP, and likely connected PCs also requiring XP), no resourced to mitigate through isolation and a belligerent staff who won't stoop to carrying out awareness training, will all add up to an ongoing risk form repeated attacks.

      Plus public sector IT has been an easy target for cuts for years. It was down to the bone years ago and they've still gone further. You can't reconfigure massive networks at the drop of a hat with two apprentices and a co-opted janitor. Even when the politicians wave their mighty soundbite wands.

      1. Anonymous Coward
        Anonymous Coward

        "Plus public sector IT has been an easy target for cuts for years"

        Still, I would like to see how the budget was spent...

        1. Boris the Cockroach Silver badge

          Re: "Plus public sector IT has been an easy target for cuts for years"

          Quote:

          "Still, I would like to see how the budget was spent..."

          Item 1. Office refurbishment for the management including new desks/chair/blinds and new paint(Ok it had only been done 2 yrs previously but it was starting to look worn out)

          Item 2. New PCs for the management, because they were starting to look worn out (the arrow on the return key was faded)

          Item 3. Training the management to use the new PCs

          Item 4. Getting several contractors to re-install windows after 1 of the managers gets a virus

          Item 5. Several surveys of NHS trusts to find out how they coped with viruses(hotel stays and full expenses included... strange how the surveys were during the summer and in Cornwall/West Wales)

          Item 6. Drawing up a report for the senior NHS manglement recommending that the NHS increases the number of in-house IT staff, making a disaster backup plan and training all staff to use the NHS computer systems properly

          Item 7. Buying a shredder and inserting said report into it as thats cheaper and quicker than doing item 6.

          There... I think that just about covers it

          1. 's water music

            Re: "Plus public sector IT has been an easy target for cuts for years"

            strange how the surveys were during the summer and in Cornwall/West Wales

            Shirley someone who decamps to Cornwall/West Wales for weather based treats/gravy deserves more sympathy than opprobrium?

        2. Anonymous Coward
          Anonymous Coward

          Re: "Plus public sector IT has been an easy target for cuts for years"

          it was spent badly, because IT is not it's only area graced with bad management.

          pay peanuts, get monkeys who'll spend their allotted amount peanuts poorly.

      2. Doctor Syntax Silver badge

        Re: Failing to do so.

        "legacy kit that can't just be upgraded"

        I usually point out the the "legacy" system is the one that's earning the money and therefore can't, as you point out, be easily upgraded. But if indeed this was spread by Word attachments on email there is every reason to treat Word as legacy which can and should be replaced.

        And, to forestall those who witter about "training to use this [allegedly] really difficult" LibreOffice then the training costs* for such a transition should be set against the costs of the obviously needed training for sanitary handling of email attachments.

        *Really? It's not exactly difficult. It's a long time since I used Word but I don't remember it being that hard to flip between one and the other; they seemed pretty similar. Maybe the difference between the ribbon and the classic interfaces made LibreOffice a harder transition until the recent update which provided an optional ribbon. And in any case, those using the ribbonised version of MS Office must have either swallowed the training costs when that was introduced or let staff struggle untrained when they had the much less disruptive alternative of OO or LO.

      3. Anonymous Coward
        Anonymous Coward

        Re: Failing to do so.

        Ask my trust in an FOI how much they spend on cyber security and the figure will be around 1 million.

        In reality it's me and half my time is devoted to other things thanks to IT staff leaving and not being replaced.

        Cyber security is no doubt on the priority list but that doesn't mean it gets backing from management (essential!) or funds (vital!)

        1. Anonymous Coward
          Anonymous Coward

          Re: Failing to do so.

          "Cyber security is no doubt on the priority list but that doesn't mean it gets backing from management (essential!) or funds (vital!)"

          So this is your list , not their list . See , what youre thinking of is a "wish list", aka "Pipe Dream" thats where your security is.

  7. Adrian 4

    "A couple of hours later on Saturday morning, it posted an update requesting that people avoid visiting emergency departments unless absolutely necessary."

    No chat and free tea in Lanarkshire then ?

    What exactly do people go to emergency departments for if not emergencies ? And shouldn't they be addressing that problem all the time rather than just when the IT systems are broken ?

    1. JimC

      Re What exactly do people go to emergency departments for if not emergencies ?

      Its because they can't get to see doctors at primary care. In the Brit NHS access to primary care / GPs is basically rationed by bureaucracy. In order to see a doctor you have to jump through complicated administrative processes that typically require the patient to be intelligent, well enough to be able to handle the processes and have plenty of spare time.

      The reason for this, of course is that Brit health care is free at point of delivery and theoretically unrationed, so the demand is almost unlimited. Supply, on the other hand, is very limited. Any kind of overt rationing is politically unacceptable*. The result is rationing by bureaucracy, since no-one can think of anything better.

      Not that anyone has chosen rationing by bureaucracy, its just all that anyone can think of to control the demand. The alternative might be doctors booked up for months ahead, which is equally ridiculous.

      *Its politically unacceptable, because Labour (=vaguely left) governments have a big soundbite of 'the evil tories are trying to destroy your NHS', so daren't be seen introducing demand management themselves, whilst Conservative (Tory=vaguely right) governments are desperately trying to avoid looking like evil tories destroying the NHS, so won't do anything either.

      1. iron Silver badge

        Re: Re What exactly do people go to emergency departments for if not emergencies ?

        That would be the English NHS (and Wales presumably). The Scottish NHS is run differently and I can see a GP within 24 hours if I need to.

        1. David Neil

          Re: Re What exactly do people go to emergency departments for if not emergencies ?

          Not in Clydebank I can't.

          1. Anonymous Coward
            Anonymous Coward

            Re: Re What exactly do people go to emergency departments for if not emergencies ?

            "Not in Clydebank I can't."

            Baws. You have the RAH and QEUH. Honestly, folk in Clydebank seem to think they are entitled to their own A&E for some strange reason. I live in Clydebank, so I'm aware of what's going on. And no, you can't get one at the Golden Jubilee as it's (a) not fit for that kind of scenario and (b) doesn't belong to the local health board.

            1. David Neil

              Re: Re What exactly do people go to emergency departments for if not emergencies ?

              I replied to a post which stated "The Scottish NHS is run differently and I can see a GP within 24 hours if I need to."

              Where did I mention A&E, or the post that I responded to? Oh it didn't, ergo yer a bawbag

        2. Anonymous Coward
          Anonymous Coward

          Re: Re What exactly do people go to emergency departments for if not emergencies ?

          I'm in England and my GP practice still runs open surgery sessions in the mornings so I can turn up and will get to see a GP (possibly having to wait a while). They used to do this for all their surgery sessions but a few years back changed the afternoon/evening to "pre-booking" - I suspect this was a result of the NHS patient surveys that were around at the time which asked people who'd visited GPs to report on how easy it had been to book there appointment and an answer of "I didn't have to book as I just needed to turn up and ask to see a GP" didn't fit into the ratings scheme.

        3. Pan_Handle

          Re: Re What exactly do people go to emergency departments for if not emergencies ?

          I'm glad for you, but that's not because you aren't in England and Wales,it's because you are lucky.

      2. Anonymous Coward
        Anonymous Coward

        Re: Re What exactly do people go to emergency departments for if not emergencies ?

        NHSScotland is different.

        You can walk into a hospital ED (not A&E btw) or minor injury unit any time you want and get treatment if they deem it necessary. THEY being the clinicians not management nor the government who have nothing to do with it.

        The problem is the number of drunks, druggies, unsocial idiots who keep emergency services busy, not management.

  8. Anonymous Coward
    Anonymous Coward

    Worrying

    Our local health centre is using FB and Twitter to tell people to stay away. No appointments, no results, no repeat prescription. Nothing.

    Fingers crossed that some systems comes back up today.

  9. Anonymous Coward
    Anonymous Coward

    My hospital has two Philips CT scanners running XP. We've got in touch with Philips and they're forbidding us from applying any windows update (Even the WannaCry patch).

    They need to be networked because you need to get the images to other systems. But if we patch they loose their warrenty and CE marking since we're acting against the manufacturer. So... that sucks.

    1. Anonymous Coward
      Anonymous Coward

      So you sue Philips for knowingly endangering people's lives.

      1. robidy

        No you put a basic firewall in front and call for a national boycott...do people not understand the buying power of the NHS....it's one of the largest purchasers of this kit in the world...smaller peivate hospitals don't stand for this so why does the NHS?

        1. Anonymous Coward
          Anonymous Coward

          "...smaller private hospitals don't stand for this so why does the NHS?..."

          Maybe because private hospitals are already private and aren't being run (down) by a Government who want to privatise the NHS and who have their snouts in the trough of private medicine?

          1. Doctor Syntax Silver badge

            "being run (down) by a Government who want to privatise the NHS and who have their snouts in the trough of private medicine?"

            Go read JinC's comment above. He's already nailed this political garbage. You know as well as I do that no party dare touch the NHS in the way you suggest and this is an over-used piece of claptrap that Labour drag out at every opportunity. And as JimC says, it inhibits everybody from trying to improve the situation the NHS has got into.

            1. Anonymous Coward
              Anonymous Coward

              I'm afraid JimC is talking bollocks...

              1. HieronymusBloggs

                "I'm afraid JimC is talking bollocks..."

                So afraid that you posted anonymously.

                JimC's comment looked quite sensible to me, but then I have little time for those who view politics as a form of religion.

            2. Mark Dempster

              >Go read JinC's comment above. He's already nailed this political garbage. You know as well as I do that no party dare touch the NHS in the way you suggest and this is an over-used piece of claptrap that Labour drag out at every opportunity. And as JimC says, it inhibits everybody from trying to improve the situation the NHS has got into.<

              No, YOU are wrong. There are many documented cases of in-house NHS services being barred from tendering for services in favour of private companies - and even cases where the internal bid came in cheaper, but was still rejected.

              Plus you have people like Richard Branson buying up everything he can, & suing the NHS if he then doesn't win a tender operation.

              When you introduce profit-making motives to any public organisation you will inevitably find that either service levels drop or costs increase (or both!) in order to keep the private provider in business.

          2. robidy

            You don't need cash to call a boycott, Philips is that worlds largest and the leader in LED lighting any one of it's competitors would love a foot in the door, use the companies power against itself...it's commercially unaware people like youself that allow privitisation to begin.

        2. Anonymous Coward
          Anonymous Coward

          NHS may collectively be one of the largest purchasers of this sort of kit in the world ... but each hopsital/authority/etc buys most things indenpendently. Think recently Department of Health got someone to investigate the effects of this and found different hospitals paying wildly different prices for the same things - the main area of commonality was the purchasing managers at most hospitals were reluctant to reveal prices they paid because "the salesman told us we were getting a special deal which we couldn't tell anyone else as they couldn't give everyone the same deal" ... and, of course, these "special deals" were in general anything but special.

    2. robidy

      So a basic firewall infront to proxy connections is not possible?

      Patching all XP desktops is not possible?

      Filtering in bound mail is not possible?

      Mandating scans of USB devices is not possible?

      You hilight a cultural issue....management need a reality check to fix the culture.

      Oh and a national call to boycott Philips for hurting our NHS would soon get some action, that doesn't involve the phrase "you need to buy a new one".

    3. Anonymous Coward
      Anonymous Coward

      If they are still under warranty I'd ask Philips to replace them because they are obviously defective. I'd also add a letter stating that any new networked device tender will include security high in the list - especially because of GDPR.

      Then, depending on how they need to be networked, I'd design a way to isolate those XP machines and use a secure "proxy" to transfer the images.

    4. Anonymous Coward
      Anonymous Coward

      Not an ideal solution but have a cdr burner, burn the images and move to a machine on the network with auto run disabled. They should be safe disconnected entirely and you're not risking infection with USB sticks.

    5. Doctor Syntax Silver badge

      "But if we patch they loose their warrenty and CE marking since we're acting against the manufacturer."

      Put them on the spot and ask them* if their warranty covers not only malware damage to the unpatched systems themselves but also consequent damage to other systems for malware getting in through unpatched XP and consequent harm to patients.

      *Via your legal dept. of course. Potentially being on the hook for large damages is apt to concentrate minds.

      1. Hans 1

        Philips must have a license clause, just like the Windows license reads: The manufacturer or installer, and Microsoft, exclude all implied warranties and conditions, including those of merchantability, fitness for a particular purpose, and non-infringement.

        I accept clauses like that from FFS because I can change the software myself for it to become fit for a particular purpose ;-) ... If Philips do not update the software on their medical equipment, then I think hospitals around the world must contact the press ... and the media must do their part. This is, of course, unacceptable.

        I would also advise hospitals avoid embedded systems, or demand FFS so they can update as they see fit, worst case, hire a bloke to update the driver for the newest kernel.

        1. Anonymous Coward
          Anonymous Coward

          Believe me, critical systems and devices are a different league from generic software. I really hope Philips medical equipment doesn't have such a clause, and nobody accept something like that.

          Also, believe me, very few hospitals would update their equipment as they see fit (unless they have a research department capable of doing it, and test it on "guinea pigs"...), or hire the first "bloke" they can find to update a driver, and then maybe kill a patient which would be them a fault of theirs.

          As long as you modify a device and kill yourself that's fine, when you put other people in danger it is not.

          Any change in such systems require a deep knowledge of the system and understanding the effects of it - and of course, extensive testing. That's what Philips would like to avoid because it has costs, but it can't avoid it any longer.

          I believe something like the aviation authorities is needed, when something dangerous is found they mandate changes, and both manufacturers and users must comply within the allowed timeframe.

          1. Korev Silver badge
            Boffin

            Believe me, critical systems and devices are a different league from generic software. I really hope Philips medical equipment doesn't have such a clause, and nobody accept something like that.

            I work in IT in drug research (and in a cancer lab before that), most systems, reagents, etc are specifically marked as "For Research only" to get around all of the regulations. Obviously buying ones "For Diagnostic Purposes" is hugely more expensive due to the regulators. I assume that the scanners etc. have to be certified in the same way.

            If they muck up their software in an upgrade to either the controller PCs/Servers, the software and/or the scanner firmware then things can go <a href="https://www.theregister.co.uk/2016/07/03/mri_software_bugs_could_upend_years_of_research/>quite badly wrong</a> so the field is very conservative.

    6. Daveytay

      The certification probably doesn't let you modify the OS. This means you can't add software, like a decent exe whitelisting AV suite that are available now. Luckily for me, when I was doing some consulting for a Genomics Start-up, there were no such rules. I networked some ABI Sequencers that ran NT4, on something like SP5, about 16 years ago. I backed them up, put NT4 SP6a, the NetWare 5.1 client and pushed the corporate AV NAL which was Symantec's recent purchase from Intel, their pretty good managed AV at the time. I would back those suckers up fairly often because they were the guts of the entire genomics lab. That was a neat job; working with Scientists is cool. I even got to delegate the rebuild of the radio-isotope scintillator that blew a hard drive and the floppy was super clogged with dust to a junior. I told him to glove up. Good times...

      1. robidy

        So why is a firewall proxy a problem?

  10. jzedward

    For those who don't know him, Calum Campbell did not exactly cover himself in glory as CEO of BGH, and left the IT systems there vulnerable to Wannacry (in line with most Scottish NHS trusts). Once you are in the little CEO circle your competence is longer an obstacle to advancement

  11. drewsup

    this, after how much spent on IT upgrade

    oh ya, only 10 Billion....

    https://www.theguardian.com/society/2013/sep/18/nhs-records-system-10bn

    1. Anonymous Coward
      Anonymous Coward

      Re: this, after how much spent on IT upgrade

      That was just the cost of consultancy on new letter heads.

    2. Just Enough

      Re: this, after how much spent on IT upgrade

      That was NHS England. This story is about NHS Scotland. Separate entities with separate systems.

    3. robidy

      Re: this, after how much spent on IT upgrade

      Which to be fair was a Labour born and bred disaster that the Conservative private sector chums seem to be dining out on but failing to fix...I'm unsure which is worse.

  12. Anonymous Coward
    Anonymous Coward

    Despite all the money NHS received on new tech in the past 15 years almost none of it was invested in staff. 8 people out of 10 working in IT in NHS have very little interest in the industry (if any for that matter). Those that actually know something are rarely promoted to run a team (or God forbid a whole department). Instead of waiting 5-10 years to go higher up they just change the employer. Also the IT reqruitment processes in most of the NHS are truly bizarre. Someone at some point has realized that this whole NHS IT thing is weird at it would be best to outsourcing it. Outsourcing NHS IT, oh boy, if someone was to write a book about it it would take longer than to finish the Game of Thrones.

  13. Roland6 Silver badge

    New outbreak or reinfection ...

    It will be interesting to see whether they get to the source of this new outbreak.

    Wouldn't surprise me to find that this outbreak was caused by someone opening/forwarding an infected file that for various reasons got missed on the clean up from the last outbreak.

  14. Anonymous Coward
    Anonymous Coward

    This will continue as long as the NHS uses Microsoft Windows.

    They are not skilled, resourced or funded enough to protect themselves for the issues of a swiss cheese OS

    1. robidy

      And what OS would stop it? Linux? MacOS? The one from the terribly nice chap from North of Samsung land? The OS is not the problem...how it's managed is.

      Management needs to understand it's okay to have outages because of improvements...but not acceptable because of lack of improvement. The former should not be part of SLAs outside core hours if planned and managed...clearly from Wannacrypt departments CAN manage without those systems when pushed.

    2. EnviableOne

      Search NHSbuntu, they are working on it

      1. Anonymous Coward
        Anonymous Coward

        Office, email & chat.

        Yup that looks like a complete suite of everything they use.

    3. Anonymous Coward
      FAIL

      You see that multi-million pound bit of kit? You know the one saving peoples lives, day in day out.

      I've looked in GitHub and the Ubuntu "store" for certified software and you know what, I just can't find it.

      Maybe I can get Dave to knock something up, he's good at that sort of thing.

  15. Snorlax Silver badge
    FAIL

    Find The Head Of I.T.

    ...and SACK THE FUCKER.

    No excuse for being hit a second time, is there?

  16. Anonymous Coward
    Unhappy

    FREEDOM!

    NHS Scotland is a fiasco under the SNP, as is education, the polis, ScotRail, in fact everything the SNP touches turns to dust.

  17. TheElder

    It is the users

    Social engineering == stupid users. We need to educate the users. Sometimes that just isn't possible.

    Civil Servant with no brain

  18. Amorous Cowherder
    Facepalm

    “Due to NHS Lanarkshire IT issues, the staff bank system and telephone are offline and currently unavailable”

    Hold on there....

    “Due to general NHS IT underfunding and outsourcing to crap offshore services in the east where no one gives a flying crap about the systems their supposed to be running, the staff bank system and telephone are offline and currently unavailable.”

  19. adam payne

    At the time, NHS Lanarkshire expected a 72-hour outage, and CEO Calum Campbell attributed the outage to malware, with systems taken offline to contain the outbreak with help from its IT provider.

    Lessons not learnt regarding Malware then.

  20. Anonymous Coward
    Anonymous Coward

    I.T. Budget

    It's been a long time since I worked for the NHS but one of the problems I encountered was that I.T. was only notionally in charge of the I.T. budget. Each department could, and did, buy their own kit often without reference to I.T. As for medical equipment, usually the first time the hospital I.T. department would hear about new kit would be when the "computer bit" broke and an irate consultant demanded it be fixed immediately.

    I don't imagine it's changed that much.

  21. Anonymous Coward
    Anonymous Coward

    No doubt....

    ...they've probably outsourced their IT despite being warned it wouldn't be cost affective. No one listens to that and then a few years later bring IT back in house. You loose the skill of current knowledge and the fact most IT on site, will, even need, break SLA just to get stuff fixed. Outsourced companies want their money so will be strike with their SLAs.

    To be hit a 2nd time clearly means they never bothered fully fixing it the first time.

  22. Tubz Silver badge

    P45's all round for incompetence and big fat pay off's for managers !

  23. clintos

    Lacking knowledge...

    People need go be more vigilant with emails. The cyber attackers are preying on the minds of the people who do not know any better. Train them to spot the hacker

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like