Beyond Parody

What is extraordinary about the NHS ransomeware attack is that it hasn’t happened before. This huge organisation is a Microsoft monoculture, the only variety being the degree to which the software is kept up to date. IT departments are seen as “back office” and are therefore at the front of the queue  every time the politicians want to cut. The 24/7 NHS runs on 9-5 weekday IT support; updates are not applied for years if ever.

For example, at work:

• google warns me my browser is outdated
• the main patient administration system will only work in an outdated browser
• security certificates from the main pieces of software are not recognised so users have to dismiss dozens of security warnings each day and are in the habit of dismissing warnings
• there is still no universal end-to-end encrypted email
• there is a culture of communicating even trivia by attachments to email, fostering a “click to open” culture

A few years ago I had the opportunity to become involved with an open source, NHS sponsored, software project. While trying (failing) or get it taken up, I had to explain the head of IT what open source software was. He really didn’t know.

So now there will be a draconian managerialism response to the attack – deputy heads will roll – and the labour cost of doing anything will increase. But that’s all. Nothing real will change.

We need to apply to the funding body for money to treat patients. They have a system – let’s call it “Pink” – which is a browser based form. I log in, add a patient via a unique identifier, fill in a form with information the system already has, and beg for money.

To do this I need to be able to check old letters. These are stored on the computer file system, so I need to look via Windows. I need to read them, using Word. I need to check newer letters on our dictation system (lets call it Dick). These open in Acrobat.  If I need details of their family doctor I open the hospital patient administration system (PAS). To check previous bookings I have to check emails in Outlook. So: Pink; PAS; file browser; Word; Outlook; Dick; Acrobat. If we had an integrated imaging system I would look at that, but we don’t. Instead, if I need to I walk to the camera, log in, and look at the images on the camera system.

I was discussing with my manager the difficulty of working with the system  “What we need,” says I, “is an integrated system, where I can see the information, make a decision, enter the data once, and all the parties that need to know get the information they need from the same underlying data. There is a system you can buy that does that. Instead,” I whine, “I need seven windows open at the same time just to make one application for funding!”

Two weeks later (nearly a year ago) I get an email with the solution.

I forgot about it – drowned in a sea of whines – until a few weeks ago when I entered my clinic room to see the solution had arrived: I am now the proud custodian of a computer with two monitors.