|
Post by Robbo on May 14, 2017 16:34:50 GMT
The patch came out in March and the leak was freely available a couple of weeks after. I'm not sure what point you are trying to make. The leak was available before that, but it isn't particularly relevant. The fact is that the exploit and the patch that fixes it have been about for a while, but the NHS wouldn't have had access to the patch as they stopped paying for support 3 years ago... The support was to keep windows XP updates going, as Microsoft said that serious security flaws will still be patched so the support was basically for nothing unless you wanted to run XP on the newest hardware. The money is better spent on moving those systems away from XP. What I'm saying is that it is very hard for a large organisation to stay up to date with patches. It's even harder when your organisation runs specialisted software. You seem to think it's just a press of the update button, will it isn't.
|
|
|
Post by Delta9 on May 14, 2017 16:37:31 GMT
I'm not sure what point you are trying to make. The leak was available before that, but it isn't particularly relevant. The fact is that the exploit and the patch that fixes it have been about for a while, but the NHS wouldn't have had access to the patch as they stopped paying for support 3 years ago... The support was to keep windows XP updates going, as Microsoft said that serious security flaws will still be patched so the support was basically for nothing unless you wanted to run XP on the newest hardware. The money is better spent on moving those systems away from XP. But they didn't spend the money on moving away from XP. They continued to knowingly use unsecured computers.
|
|
|
Post by Robbo on May 14, 2017 16:41:51 GMT
The support was to keep windows XP updates going, as Microsoft said that serious security flaws will still be patched so the support was basically for nothing unless you wanted to run XP on the newest hardware. The money is better spent on moving those systems away from XP. But they didn't spend the money on moving away from XP. They continued to knowingly use unsecured computers. As said Microsoft still updates XP for serious security flaws, what makes you think windows XP is insecure? It's a very stable platform and has very stable code base.
|
|
|
Post by JohnV on May 14, 2017 16:49:50 GMT
I have tremendous sympathy for Hospital management.
One thing that seems to be being forgotten, is that when money is in short supply, it is very hard to justify spending money on computers against the possibility of them being compromised when it means NOT spending it on core functions like treating patients.
|
|
|
Post by Delta9 on May 14, 2017 16:54:28 GMT
But they didn't spend the money on moving away from XP. They continued to knowingly use unsecured computers. As said Microsoft still updates XP for serious security flaws, what makes you think windows XP is insecure? It's a very stable platform and has very stable code base. If you honestly believe that XP is secure there is no point in us continuing this conversation...
|
|
|
Post by Robbo on May 14, 2017 16:55:10 GMT
I have tremendous sympathy for Hospital management. One thing that seems to be being forgotten, is that when money is in short supply, it is very hard to justify spending money on computers against the possibility of them being compromised when it means NOT spending it on core functions like treating patients. Well 4 out 5 of the trusts weren't affected so these were either lucky or have better processes than the others. One things for sure is that these malware threats will be more common, and the networks will need to be designed to limit and contain damage (anti virus and patching only protects against know stuff) if not already.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on May 14, 2017 16:55:28 GMT
Isn't that what the Non-Exec Directors (i.e. Government in this case) are supposed to manage?
|
|
|
Post by Delta9 on May 14, 2017 16:56:06 GMT
I have tremendous sympathy for Hospital management. One thing that seems to be being forgotten, is that when money is in short supply, it is very hard to justify spending money on computers against the possibility of them being compromised when it means NOT spending it on core functions like treating patients. Also pretty hard to treat patients when your computer system is fucked because you stopped maintaining it.
|
|
|
Post by JohnV on May 14, 2017 16:59:10 GMT
I have tremendous sympathy for Hospital management. One thing that seems to be being forgotten, is that when money is in short supply, it is very hard to justify spending money on computers against the possibility of them being compromised when it means NOT spending it on core functions like treating patients. Also pretty hard to treat patients when your computer system is fucked because you stopped maintaining it. between the devil and the deep blue sea just thought a nautical expression should be used ..... after all it is a boaters forum
|
|
|
Post by Robbo on May 14, 2017 17:06:50 GMT
As said Microsoft still updates XP for serious security flaws, what makes you think windows XP is insecure? It's a very stable platform and has very stable code base. If you honestly believe that XP is secure there is no point in us continuing this conversation... Why do you think it is insecure? Windows 7 and 10 had the same flaw. Just because it's the latest and greatest doesn't mean it's more secure. Regular updates bring in unstable platforms and a moving target. I bet there has been more downtime due to IT updating systems and causing issues than this whole recent episode. As said above the answer isn't regular updates (although that is good), it's designing a network that will limit damage and easily recoverable. You don't know what is around the corner and you can't protect against everything.
|
|
|
Post by Robbo on May 14, 2017 17:08:16 GMT
I have tremendous sympathy for Hospital management. One thing that seems to be being forgotten, is that when money is in short supply, it is very hard to justify spending money on computers against the possibility of them being compromised when it means NOT spending it on core functions like treating patients. Also pretty hard to treat patients when your computer system is fucked because you stopped maintaining it. Yes it is, also harder to update systems when your application won't run on the latest system or worse gives incorrect results.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on May 14, 2017 18:07:52 GMT
Isn't that what the Non-Exec Directors (i.e. Government in this case) are supposed to manage? The board of an NHS trust (which includes non-execs) will normally set the spending priorities of the Trust. Funding for IT support and replacement of equipment will invariably be competing with multiple priorities including direct patient care and other 'high priority' needs. That funding will also determine the staffing an IT support function can afford. It's easy to understand why the Head of IM&T's case to a board for appropriate funding to meet all possible risks and threats might see little support when set against dying babies and treating cancer patients. I suspect things may be different in the future. ps non execs arent 'government' by the way.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on May 14, 2017 18:15:34 GMT
Isn't that what the Non-Exec Directors (i.e. Government in this case) are supposed to manage? ps non execs arent 'government' by the way. I am aware of the set up of the board. Can I ask what you or others consider the Governments role in the NHS is?
|
|
|
Post by Mr Stabby on May 14, 2017 18:16:42 GMT
True story. My ex is a nurse. She briefly was transferred to an office job in what hospital staff refer to as "carpetland", this was ostensibly a promotion although she didn't enjoy it and went back to ward work because as she put it, she became a nurse to get blood on her hands.
In the office, there were four computers, but only one was ever used. Towards the end of the financial year, all four were replaced with brand-new top-of-the-range computers, even though they were only a year old anyway. When she asked why they had received four new computers when only one was ever used, she was told "if we don't spend our budget this year, they'll cut it next year".
One of the best things we could do in this country is to make huge cuts in NHS spending, only no politician has the bollocks to say it.
|
|
|
Post by Delta9 on May 14, 2017 18:16:53 GMT
|
|