Last week the NHS was subject to an unprecedented malware attack. This saw patient records compromised, cancelled operations and widespread disruption to services.
It’s widely accepted that outdated technology – specifically unsupported Windows XP systems – was to blame for the ease at which hackers were able to infiltrate sensitive data records. But what could have been done to prevent these attacks?
Robust technology needs robust funding
Fundamentally, if certain systems had been updated to the newest OS, this catastrophe might have been avoided. So why weren’t they?
Inevitably, many will point a vague finger at ‘management’. But the problem relates to under-investment in technology: a persistent issue for the NHS.
4% of the overall NHS budget is ear-marked for cyber security. But budget allocation from trust to trust varies wildly. For example, in 2015-16, records show that one NHS trust was spending £700,000 on IT while another was spending £3m — and it is thought the gap is much wider in some parts of the country. These disparities are clearly dangerous, but it also makes no sense for one trust to have a superior security set-up and another to have an outdated one. Any single weakness is a national weakness.
Furthermore, according to the Financial Times, the NHS has tended to allocate more money to trusts that were already high performing in terms of technology, rather than focusing on those in greater need. This is another sign of an approach to digital investment that is at best muddled, and at worst illogical.
70,000 machines are still running Windows XP, and face immediate risks. So this is a problem that needs rapid and decisive action.
Good technology, like Clarity, is built to adapt
As is regularly acknowledged, technology offers the NHS one of its best means of achieving its increasingly challenging aim of providing more care at a lower cost. Good technology means more productivity – and evidently, it can also prevent costly calamities.
At Clarity, we’ve seen first-hand how our technological innovation has a real, immediate and frontline impact on trust performance. Our rostering and bank software, for example, is built to adapt and update – so a trust itself can adapt to new challenges without constantly having to re-invest. Our technology is built for change – that’s the key.
And that seems to be the problem with much of the NHS’ technology in its current state: it isn’t built for change. The digital world is moving too fast, and hackers no longer exist at the fringe of society. The ease of this attack should be a serious alarm for decision makers: next time, it could be even worse.
Whatever the barriers are for investment in technology – fear of change, service disruption or a lack of funding – they need to be overcome. Clearly, technology isn’t always prioritised when funding decisions are made. But sooner or later, decision makers must accept that investing in better technology at the beginning can mean a lot less pain in the end.
May 17, 2017