V O L 2 6 I S S U E 3 / 1 7 J U N E / J U L Y 2 0 1 7 T H E E U R O P E A N F O R U M F O R T H O S E I N T H E B U S I N E S S O F M A K I N G H E A L T H C A R E W O R K IMAGING 6-10 AI - machines are learning fast PET delivers new insight into multiple sclerosis Sonographers head towards professional status across the EU LABORATORY 11-17 Strategies to advance cancer biomarkers Do not use so much blood for analyses A new era for laboratory medicine No change: NHS is still vulnerable to cyber attack The recent global WannaCry ransomware cyberattack had a particularly acute impact on health services across the United Kingdom, leaving the country’s National Health Service (NHS) vulnerable to cyberattack, Mark Nicholls reports While affecting computers across the world – including Russia, EU countries and the USA –the United Kingdom’s NHS hospitals were forced to cancel routine surgery and GP appointments as systems were affected by the recent global cyber- attack, or were proactively shut down in an attempt to avoid the infection. Some hospitals diverted patients away from their accident and emer- gency (A&E) departments, while large amounts of electronic patient data became unavailable. As the inquest opened on why the NHS was so easily hacked, the initial focus fell on out-dated computer systems and unsupported software – notably Windows XP – which is still in widespread use in the NHS, and whether software patches issued by Microsoft to offer protection to current Windows software had been installed. Hospitals in England and Wales hit, but not others In England, 47 NHS trusts reported problems at hospitals and 13 in Scotland, while services in Wales and Northern Ireland were seem- ingly unaffected. England’s biggest NHS trust, Barts Health NHS Trust, which runs five hospitals in London, was forced to reduce surgery and cancel out- patient appointments. Whilst it emerged that Microsoft Bugs in the healthcare IT system - no medical answer against them identified a risk in March and sent out patches, some trusts might have delayed installing them. Various criticisms about the qual- ity of IT security in the NHS have been made in recent years with a number of high-level warnings. The Care Quality Commission and National Data Guardian, Dame Fiona Caldicott, wrote to health secretary Jeremy Hunt last sum- mer warning that an ‘external cyber threat is becoming a bigger consid- eration’ within the NHS. The NHS continues to face finan- cial constraints amid suggestions that funding had been diverted away from cyber security, but the government has rejected this, saying the NHS had upgraded its security before the incident, with £50 million made available to further improve security. The WannaCry ransomware behind the latest cyberattack locks many types of users’ files and demands a $300 (£230/270 Euros) payment to allow access. Although the indications are that the main repositories of patient data were not directly affected, access to ancillary was locked, effectively choking the daily operating patterns of the NHS. Meanwhile, Chris Hopson, chief executive of NHS Providers, said many hospitals use sophisticated technology such as MRI and CT scanners which are ‘bound to be using old software’ because they have a 10-year life expectancy and, consequently, often use older oper- ating systems. NHS IT analyst and cyber secu- rity commentator Dr John Lockley remains concerned that the NHS has not had a consistent and country- wide approach to cybersecurity for a number of years and so contin- ues to leave itself vulnerable to attack. Since the demise of NHS National Programme for IT there is no longer a centralised approach to updates, with each trust indepen- dently responsible for its actions. Too slow a response to migration from XP to later Windows version However, the recently-developed NHS Care Computer Emergency Response Team (CareCERT) offers advice and guidance to support health and social care organisations in responding effectively to cyber- security threats. Dr Lockley remains concerned that the risk of cyber attack within the NHS remains high, for a number of reasons. First, he says, the NHS has had an extremely slow, unco- ordinated response to migrating away from XP to the more secure and patchable later versions of Windows. Second, despite Microsoft making critical patches for these later programs in March, many trusts have not installed them, add- ing that there is, as yet, no robust national mechanism for policing the installation of upgrades. Whilst acknowledging that cer- tain types of medical equipment and programs still need XP because they would not be compatible with later systems, he adds: ‘Unless you John Lockley MD, a former general practitioner (GP) and committee member of the SystmOne National User Group (SNUG), is a NHS IT analyst and commentator on cyber security. disconnect all vulnerable computers from the outside world – physically or with special software techniques – they will always remain a risk to the safety of systems and networks. ‘If you have a weak point, you either have to protect fully against the possibility of anybody getting in, or not use those computers.’ The key to adequately protecting the NHS against further cyberattack, he concluded, is to instigate a robust, fully-funded and policed nationwide programme to replace XP and other legacy software across the entire NHS. Additionally, key steps are to Continued on page 2 www.healthcare-in-europe.com CONTENTS NEWS & MANAGEMENT 1-5 RADIOLOGY 6-10 LABORATORY 11-17 INFECIION CONTROL 18-20