Like many people, from time-to-time, we (I) have had cause to call on the NHS to seek care, resolution and treatment for both minor, and serious aliments – in my case the latter. Here, from my own experience with this organisation I can only find praise for their dedication, commitment, professionalism, and the excellent service they supply – and my own position on the NHS is, they are top class, and given the underfunded and political landscape they work within, I can only stand back and look on with admiration.
Where I get frustrated however, is not with the NHS at Hospital level, but with their front-line services at the GP level, and with those who provide the support for systems and infrastructures outside of the medical-device domain – AKA the implementation of IT at the level of community surgeries.
Let me start here with my own experience of my local GP. I was sitting in the GP waiting room when one of the receptionists said, ‘I have just overwritten a record’, which was rewarded by a comment from another team member who replied ‘Don’t worry we can input the data again later’ – I am assuming here nothing got lost in that successful overwrite transaction! However, when attending one of the other interconnected GP outlets, where they were undergoing Building Maintenance, the electrical team were in the process of installing some additional electrical circuits and kept taking the power down and then bringing it back – on multiple occasions – Power back-on, systems booting up, only to encounter another power-off mid-boot. And as I sat pondering on lost records, and the power on/off situation, with the added potential to corruption to both system and any other operation in a critical write mode, I started to realise just how little errors can occur in big life implicating moments. And I was hopeful that, no patch updates were in progress to O/S, or records at the time of the power on/off dance. Add to this the fact that the VOIP Call Manager was also in up/down mode, and one may just start to imagine how those repeat prescription the GP put on the system may get lost (personal experience), or why a medical record has not been fully furnished with the most up-to-date append data. I guess it is here where, even the GP Practices are supposed to be IT experts in order to operate at a sustainable level – maybe some deployment of a capable UPS would not go amiss.
On another occasion the IT operative stated when looking at the PC VOIP Call Monitor – ‘I hope it does not reach 6 calls on hold, or the system will crash, and we will have to reboot it’ – making me aware now why, on occasions the call which is in wait mode may take too long to pick-up! When it came to the on-line booking system, I was also privy to a conversation (yes you guessed it ‘IT’ is dominant) which eluded to the fact that, some bookings taken on-line were not always being reflected on the in-house system, and thus even more confusion would seem to be occurring!
I then looked at the latest NHS app which is being developed for wider use within the end user NHS community. When I eventually got subscribed, I decided to give the service a try – but to date, the only point I have ever managed to reach is a screen which tells me that there was an error – see below – I gave up:
OK, so nothing is perfect, but looking back at that Ransomware attack in 2018 which denied patients with life threatening conditions their much-needed treatment – mostly down to the logical exposure caused by out-of-service systems, installed with unpatched (out of support) Windows XP and just maybe the picture becomes a little clearer.
My bottom line on the NHS is, the front line medical staff are as good as they can get, and in my experience the front line medical life saving devices are the pride of our Heath Service – and as for the Professors, Consultants, Doctors, Sisters Nurses and Support Staff, they are of high quality and are focused on what they do best – caring and treating patients. Maybe it is time for those who are incumbent on supporting the top-level quality mission with IT support to move up a notch, and to provide the service this excellent institution well deserves.
John is the Principle at Shadow-Intelligence (Si), partnering with PALISCOPE, BreachAware and iStorage. He is a Visiting Professor at the School of Science and Technology, Nottingham, Trent University (NTU) and holds the appointment of Editor in Chief for the International Journal of Cyber Forensics and Advanced Threat Investigations (CFATI). For the last decade he has delivered training courses in the Middle, and Far East to Commercial, Industrial, the Financial Services Sector, and Military Agencies, including the UAE, US, Pakistan, Saudi Arabia, Malaysia (KL), Singapore, Argentina, and Sao Paulo
He served in the Royal Air Force 22 years’, specialising in Counterintelligence, working with UK Agencies such as GCHQ/CESG, and others in the fields of SIGINT, COMINT and Satellite Communications, holding appointments such as System ITSO for a CIA SCIF.
In the commercials sectors of IT/Cyber he has worked for/with Logica, Bae, T5, GM, Experian, Betfair, Palace of Westminster, House of Lords/Commons, TSol (Treasury Solicitors) and provided Consultancy to the Saudi Arabian MOD, TRA (Telecommunications Authority (Dubai) and the Military Academy of Malaysia (KL) on SOC, CSIRT, Digital Forensics and OSINT. Within the last 5 years he has focused on Geopolitics, with global expertise around the UAE and Russia, Anti-Terrorist Operations (ATO), Cyber-Warfare, Dezinformatsiya (Disinformation) and Maskirovka (Military Deception).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.