The WannaCry malware attack that started on Friday has been in the headlines throughout the week and seems to be ongoing this morning. What began on Friday as an NHS attack seems to not be totally true as other large organisations have been subject to this malware. I avoid the word targeted as this would imply it solely sought out the NHS and clearly that is not the case.
What is clear though is that some organisations appear to have been hit harder than others. Why though is the more interesting question.
It seems that within the NHS there is still a substantial number of computers running the Microsoft Windows XP operating system. This was originally released for general use in 2001 and retired from the Microsoft line up in April 2014 when support for the operating system was withdrawn. 13 years for an operating system is remarkable, and in reality at the end of the life cycle the operating was quite different from its original one, although it still looked the same to any user.
The successor to Windows XP was released in 2008 and there have been three versions of Microsoft’s operating software since then, Vista, 8 and now 10. What this shows is how old XP is, a workhorse yes, but a tired old and perhaps frail workhorse.
As we now see vulnerabilities have been exposed in Windows XP but why weren’t these systems replaced when there was no more support for them from Microsoft? Did the decision makers in those organisations still using Windows XP just hope they would be OK forever? Who knows but when the impact is on peoples healthcare then the questions become more serious.
In the UK, we are currently experiencing the campaigning (endless it seems) for a general election. As with any sales pitch all those pitching promise the earth and a land of milk and honey. Regarding the NHS, all parties express how the NHS deserves more money and it probably does. It is always harder to believe the party in power though as the question keeps coming into my head, why have you not put that money in already? This weekend, the Health Secretary, Jeremy Hunt was noticeable by his absence, no statements, no interviews, or anything. Now given his popularity among NHS staff that is hardly surprising, but the NHS is his responsibility. Instead, we had Amber Rudd the Home Secretary appearing on all media outlets. Ms Rudd accepted Windows XP was “not a good platform” for keeping data secure. She told Sky News that the health secretary Jeremy Hunt had already instructed NHS trusts not to use the 2001 operating system. “I would expect NHS trusts to learn from this and to make sure that they do upgrade,” she said. [http://www.bbc.co.uk/news/health-39906019]
On social media cartoons are doing the rounds; one based on the “Where’s Wally” theme that reflects the total absence of the Health Secretary.
How has this been allowed to happen? If the current Ministers of State say this is unacceptable to be using Windows XP, then why have they not ensured it does not happen. Did they give the NHS the instruction to replace Windows XP, or did the hospitals ignore them? Which is it, and why is that allowed to happen?
I wonder if we will ever truly know.