Top military officers talk about response thresholds at French shindig

FIC 2020 Western military alliance NATO could have reacted with force to the 2017 WannaCry ransomware outbreak that locked up half of Britain's NHS, Germany's top cybergeneral has said.

During a panel discussion about military computer security, Major General Juergen Setzer, the Bundeswehr's chief information security officer, admitted that NATO's secretary-general had floated the idea of a military response to the software nasty.

General Setzer said: "The secretary-general of NATO talked last year [about]... the WannaCry attack of 2017, [which] especially had consequences for hospitals in the UK, could also be a subject for the NATO."

The German army officer said this supported the idea that military thresholds for responding to hacking attacks should be deliberately vague, adding that just because someone hacks you doesn't restrict you to only hacking them as a response.

He said: "If we are talking about this special domain [of cyberspace], then if you go with military means, as an answer, the threshold doesn't mean you have to answer in the same domain. It's the risk of the opponent, what is your answer if you decide [an attack on a computer network] is above the threshold?"

The wider discussion focused on military cybersecurity challenges. Major General Rafael Garcia Hernandez, chief of Spain's cyber defence command, said that his soldiers were meeting their French counterparts to learn from each other.

He added the meeting was "not just the commanders. No, no, the technical people too… we are quickly learning what cooperation means."

In the compartmentalised world of military network security, such meetings and idea-sharing sessions are relatively rare – especially when compared to the private sector. Some countries are nervous about revealing exactly how they get their information, as Captain William Wheeler, US Cyber Command's director of plans and policy, explained.

Wheeler, formerly a US Navy pilot before joining the tech industry, said: "In the cyber world, many times we run up against challenges with sharing some of the information from an intelligence collection standpoint. But when you think about it, do I need all that information or do I just need the basis – pieces of information [from which I can] take action?"

The American also shed some extra light on US Cyber Command's concept of "persistent engagement", which he said was "defensive in nature" and consists in part of "continuously looking for those cyber actors trying to do harm".

At the invitation of a host government, Capt Wheeler said, US military cyber teams "go out and work with them to operate on their networks, to look for this type of... malicious cyber activity." Once they find something of interest, they "collect that malware, that information, and bring it back, be able to share that with commercial industry who can then get it out to everyone."

As for the Huawei 5G kerfuffle in the UK and the EU earlier this week, the captain declined to be drawn on Chinese policy specifically but, in his upbeat southern US drawl, said: "I will tell ya this. The relationship that the European partners have with the US on the military side is absolutely outstanding. We realise we've got to work together and we'll find a way."
steven36 posted a topic in Software News

Just over one million computers in the NHS are still using Windows 7.

With less than half a year to go before support ends for Windows 7, about three-quarters of computers in the UK's National Health Service (NHS) are still running the OS. Just over one million computers in the NHS are still using Windows 7, according to a written answer from the Department of Health and Social Care.

Having so many machines still running Windows 7 is a problem, according to Jo Platt MP, shadow cabinet office minister, as the end of extended support in January 2020 will mean no more fixes and patches without a costly custom-support deal.

"With less than six months before Windows 7 support expires, it is deeply concerning that over a million NHS computers, over three quarters of the total NHS IT estate, are still using this operating system," she says.

Platt drew attention to the WannaCry attacks on unpatched computers in 2017, which disrupted NHS systems and led to almost 20,000 appointments being cancelled, with the total cost to the NHS estimated to be around £92m.

"The WannaCry cyber attack two years ago starkly proved the dangers of operating outdated software. Unless the government swiftly acts and learns from their past mistakes they are risking a repeat of WannaCry," she says.

Answering Platt's parliamentary question, Jackie Doyle-Price, then parliamentary under secretary of state for mental health, inequalities and suicide prevention, said that while 1.05 million NHS computers were still running Windows 7, the migration process to Windows 10 was underway.

"All NHS organisations, with the exception of one which had already upgraded to Windows 10, have signed up to receive Windows 10 licences and Advanced Threat Protection," she wrote. "Deployment of Windows 10 is going well and in line with target to make sure the NHS is operating on supported software when Windows 7 goes out of support in 2020."

However, while Doyle-Price suggests the NHS will stop using Windows 7 before the 2020 deadline, the government chose not to answer a separate question from Platt about whether it was in talks with Microsoft about a custom support deal for Windows 7 post-2020.

The government also faced further criticism for a minority of NHS machines still running Windows XP, Microsoft's 2001 operating system that went out of support five years ago. Despite the risk of running these Windows XP machines, Doyle-Price said it was "not possible to set a timeframe for complete removal of Windows XP from all NHS machines".

"This is because removal is not always possible, particularly where Windows XP is embedded in medical devices," she wrote. "All NHS organisations have been given guidance on how to mitigate the risks if they cannot completely remove Windows XP from their estate, for example, they can segregate the affected machines from the network. They can also contact NHS Digital for further bespoke advice and support to mitigate risks."

She says additional management, monitoring, and risk mitigation was provided via the NHS's Data Security and Protection Toolkit (DSPT).

Last year the Cabinet Office confirmed that government does not centrally track the number of Windows XP computers operating across the public sector. While Microsoft ended extended support for Windows XP in 2014, the UK government paid £5.5m for a year's extension to April 2015.

The problem of public bodies using operating systems long after support ends is not limited to the UK: in 2015 the US Navy agreed to pay Microsoft millions to keep supporting Windows XP post-2014.
steven36 posted a topic in General News

The UK’s National Health Service has been ordered to stop buying more fax machines. It also must stop using the machines entirely by April 2020, as part of an effort to modernize the healthcare organization.

More than 9,000 fax machines are in use by the NHS, a July survey found. All will be replaced by email, according to a report from the BBC. The shift, ordered by UK health secretary Matt Hancock, is intended to improve patient safety and make communications more secure.

Rebecca McIntyre, a cognitive behavioral therapist, told the BBC that using fax machines made it difficult to ensure patients’ information was actually sent to the right place, and that it wasn’t being seen by non-authorized people.

“You would not believe the palaver we have in the work place trying to communicate important documents to services (referrals etc),” she said. “We constantly receive faxes meant for other places in error but this is never reported.”

Fax machines have stuck around in a digital age due to legal requirements in the healthcare and legal systems. While only certain kinds of signatures can be accepted over email, fax is a legally-valid method of sending a signed document.

“Most other organisations scrapped fax machines in the early 2000s and it is high time the NHS caught up,” Richard Kerr, chair of the Royal College of Surgeons’ commission on the future of surgery, told the Guardian.
Reefa posted a topic in Security & Privacy News

As part of a deal between NHS Digital and Microsoft, NHS organisations will be able to get a threat detection service, alerting them to any cyber security issues.

NHS Digital aims to “further bolster protection” against cyber security threats with a threat detection service from Microsoft. As part of a deal between Microsoft and NHS Digital, NHS organisations will have access to an alerts system from the supplier, which detects cyber security issues within an organisation, from system-wide problems down to those in individual devices.

The threat detection service, which uses several sources of information to provide cyber threat reporting, has already been piloted at Blackpool Teaching Hospitals NHS Foundation Trust. So far, it has been rolled out on 30,000 machines, and once deployed fully, it will cover up to 1.5 million devices across NHS trusts and GP practices.

NHS Digital security director Dan Taylor said the deal will “further bolster protection against cyber security issues in the NHS”. He added: “It is our role to alert organisations to known cyber security threats and advise them of appropriate steps to minimise risks. This marks a step-change in our capability to provide high-quality, targeted alerts to allow organisations to counter these threats and ensure patients’ needs continue to be met.”

NHS Digital also runs its own CareCERT service, which provides advice and guidance, as well as data security assessment and a data security helpline.

The latest deal is part of a wider cyber security support contract NHS Digital signed with Microsoft in August last year, following the WannaCry attack. Although not particularly targeted at the NHS, health and care organisations in England were hit hard by WannaCry, which affected 81 trusts and 603 primary care organisations.

In the months following the attack, the NHS was criticised for not having proper protocols and systems in place to deal with cyber threats. Last October, a National Audit Office (NAO) report found that the NHS could have prevented the attack if it had followed basic IT security principles.

At a CW500 event last year, NHS Digital’s Taylor said many NHS trusts had more than 50 different systems, including old legacy systems, and it was not a simple matter to patch across all those systems and keep the clinical systems afloat. The NHS is great at patient care, but cyber security is often seen as a lesser priority, he said.

Following the attack, Taylor said NHS organisations had begun to wake up and realise that not having data security in place could impact patient safety. “The huge lesson [with WannaCry] for provider services in the NHS was just how much patient-facing services were built on technology,” he said.