As the worst of the NHS Ransomware crisis fades, it’s time to try and take stock of what happened.
Firstly, SynApps Solutions is very concerned, and is here to help any NHS Trust or other healthcare organisation still struggling to beat off the WannaCry malware infection. As a proud supplier of information technology solutions to the national health Service, we were appalled by this vicious cyber attack, and our team is here to offer any advice needed over and above that provided by NHS Digital and NHS England to get you back up and safe.
However once the immediate aftermath is over, we have to think, as an IT community, about what to do to ensure it can’t ever disrupt our hospitals and GP surgeries again.
The key to that has to be modernisation. It’s definitely time to upgrade hospital architecture, and this is a problem that needs the joint, smart thinking and collaboration of the NHS, the Department of Health, the supplier base – and ultimately, the government.
All these stakeholders need to pull together to rebuild patient and citizen trust in our resilience and stability. There will be a financial aspect to this, ultimately. The XP holdover happened because both the government and many CCIOs just didn’t want to spend money. It’s tempting to stick to such platforms, as you will want to sweat the asset and extract as much value from it as you can over time – and, as we all know, the NHS has huge budgetary pressures these days.
But as the crisis has shown, it’s a false economy to keep putting off replacement of IT. It’s effectively leaving a back window open in your system stack that a malicious ill-wind like WannaCry can blow into. So, let’s address that.
Standards and great software design will help
We need to fix this because we’re just not going to get any real traction to what we all want, which is a digital-empowered NHS.
The good news is that no SynApps VNA or Integrated Digital Care Record clients were affected this month. That’s because content (be it DICOM image files or patient records) stored in ECM (Enterprise Content Management) platforms are protected against attack in multiple ways. For a start, content is stored in the server and separated from the desktop; so unlike with a mounted network drive, attack at the desktop level, in the style of WannaCry ransomware, would only affect temporary, local, copies and not have an impact of the master files stored in the server.
Even better, ECM version control always allows the roll back of any corrupted file to a proper version, so should an end user mistakenly upload a corrupted file the system can revert, safely, to where it should be. And finally, encryption at rest will stop any unauthorised access to the content
Another advantage of ECM-powered NHS suites will be their sound design. Written to the latest software engineering best practice metrics, and in our case firmly adhering to important international standards like CDA, it’s just a much safer bet to put your faith into something like this than an archaic, obsolete platform.
Perhaps it’s a bit too soon for some of you to be thinking like this, but ultimately we have to re-stabilise NHS IT and ensure it’s bulletproof from now on.
Look to ECM as one way to do just that. It can really help.
Gary Britnell
Head of SynApps Healthcare Practice