Author: Alexander Smith / Source: NBC News
LONDON — Why would doctors rely on computers running ancient software?
Last week’s worldwide cyberattack potentially put lives at risk by paralyzing computers at state-run medical facilities across the U.K. — including many using discontinued Windows XP.
Thousands of operations and appointments had to be canceled as the “WannaCry” malware threatened to delete crucial files unless ransoms of $300 and $600 were paid.
It may seem obvious that hospitals would have robust cybersecurity strategies to prevent any such disruptions.
However, the National Health Service (NHS) is a radically different beast from the U.S. healthcare system.
And the answer — and who’s to blame — differs depending on who you speak with.
Unlike in America, where treatment can result in hefty medical bills, the government-run NHS treats people for free. That is, after you count the £120 billion in taxes (around $155 billion) that pays for the healthcare behemoth each year.
The cyberattack has quickly become another political football in the years-long battle over the funding, remit, and the existential future of the NHS.
For critics of the U.K.’s right-wing Conservative government, the health service succumbed to “WannaCry” due to a lack of funding.
“We are fairly clear that, in at least one of the places heavily affected by the attack, finances and tightness of budgets were the reason why IT investment was rolled back,” said Sara Gorton, deputy head of health at Unison, one of Britain’s largest unions.
Related: How an IT Expert ‘Saved the U.S.’ From Cyberattack
She told NBC News that “the cyberattack is a very tangible example of the impact that finances are having on decision-making and the consequences of underfunding of the NHS.”
Around one-fifth of NHS trusts — the regional bodies that run British hospitals — were affected by the cyberattack.
The malware was able to jump from computer to computer by targeting a weakness in older versions of Windows, as well as more recent systems that hadn’t been updated.
Microsoft said the weekend’s attack was powered by an exploit stolen by hackers from the National Security Agency, or NSA. The tech giant released an update on March 14 that fixed this vulnerability — but Windows XP, which Microsoft stopped supporting in 2014, and computers that did not install the recent patch were left exposed.
A Freedom of Information Act request by American software company Citrix last year showed that 90 percent of NHS hospitals had computers that were still running Windows XP.
In short, the evidence suggests that the NHS wasn’t targeted specifically, but merely fell victim on such a large scale because its systems weren’t secure.
Not only do any new updates need to combine with existing applications, they also need to operate seamlessly alongside crucial hardware — such as MRI machines — that is often years old.
The consequences of the system crashing could be catastrophic.
Click here to read more