Windows 7 upgrade haunts health service tech vision
Windows 7 issues at the NHS are making headlines, 15 months after the release of the review of how legacy IT was exploited by the WannaCry attack
There is now less than three months to go before Microsoft pulls support for Windows 7, yet in one recent newspaper story, a GP described how logging into her surgery’s Windows 7 PC took 17 minutes.
In the February 2018 report, Lessons learned review of the WannaCry ransomware cyber attack, William Smart, then chief information officer for the Health and Social Care System, noted that the majority of NHS devices infected by WannaCry were running the supported, but unpatched, Microsoft Windows 7 operating system. Smart said there were plans to remove or isolate unsupported software in the NHS – including XP by 18 April 2018, and Windows 7 by January 2020.
In April 2018, the Department of Health and Social Care signed a five-year deal with Microsoft to provide NHS organisations in the UK with free access to Windows 10, to help the health service migrate to a more modern desktop IT environment. But Windows 7 appears to be embedded in certain systems in healthcare, making a switch to the newer operating system complex. For example, there may be incompatibilities in upgrading these systems to Windows 10, or the healthcare systems are not supported on Windows 10.
In a speech at the Royal College of General Practitioners on 24 October, health secretary Matt Hancock described his vision for a technology-enabled health service. “Modern tech allows for modern ways of working and living,” he said. “It helps with recruitment and retention. And, above all, it means we improve access for patients: digitising paper records, real-time and secure access to records for GPs and patients, IT infrastructure that works, interoperable systems as standard, electronic prescribing to complement the millions of people now accessing GP services digitally.”
According to Hancock, making all technologies operate correctly will enable healthcare professionals to deliver better care for people.
But this healthcare technology roadmap faces numerous implementation challenges, partly because of the legacy systems that exist across the health service. Speaking of his experiences working with NHS trusts, Ben Simpson, senior software asset management consultant at License Dashboard, said: “A lot of organisations in the public sector are limited by line-of-business suppliers that have not made their products ready for Windows 10.”
As is frequently the case in other sectors, healthcare organisations often negotiate favourable terms for long-term contracts, which limits their ability to find alternative healthcare technology providers if the incumbent does not choose to update its software to the latest Microsoft operating system. Simpson said organisations may choose to defer upgrading, and run an unsupported operating system instead of upgrading to Windows 10.
Andrew Brickell, area director at Ivanti, said: “A dependency on legacy technology is a dangerous game to play as it leads to the risk of cyber attacks. These could come in the form of the breach of sensitive, personal data belonging to the public, leaving the organisation liable for a hefty GDPR [General Data Protection Regulation] fine.
“Also, with a cyber attack often comes a damaging IT outage, a situation that the NHS has been in before. Think back to the WannaCry attack of 2017, which saw over 19,000 appointments and operations cancelled with devastating effect over the course of a week-long IT outage. This cost the NHS £20m directly and £72m during the aftershock.”
Brickell added: “An IT outage is not the only way that patients can be affected by poor IT used by the NHS. It is unacceptable that log-in times are as long as 17 minutes when you think about how much time doctors are wasting each day – especially if they have to move around and log in and out of different PCs. Healthcare is a critical industry, so anything that is impacting patient care should be heavily assessed and improved where necessary.
“For optimal efficiency and cyber security, the NHS should not only ensure that devices are patched quickly, thoroughly and effectively, but also implement an endpoint and workspace management tool that will allow easier migration to Windows 10 and more efficient working.”