Consultant warned of ransomware attack

Leading healthcare IT consultant Dr Saif Abed (pictured) must have experienced an acute bout of déjà vu when reports of the ransomware attack on the NHS began filtering through from such disparate sources as hospitals, GP surgeries and even pharmacies.

Dr Abed, a founding partner of consultancy AbedGraham, had blogged back in August last year – under the chillingly prophetic title Ransomware will kill a patient – that such software was a major threat because of the procedures it could disrupt.

He wrote: “A lot of attention has been paid to ransomware and other cybersecurity attacks over the past 12 months in healthcare, especially so in the US and with a particular focus on medical identity theft and fraud.

“However, that is nowhere near being the biggest risk. In the UK and Ireland, healthcare IT maturity is increasing with the adoption of electronic health record systems, mobile clinical applications and ePrescribing/charting.”

Following the attack he called for a forensic inquiry into what went wrong so the NHS can deal with the clinical and patient risk issues it exposed.

In an interview with Building Better Healthcare, he explained that many trusts are still running an old operating system, Windows XP: “It has exposed a big lack of investment in the NHS in board-level engagement in IT issues, in IT leadership, in basic infrastructure and in staff training. We need a forensic investigation into this, in part to avoid inappropriately blaming specific bits of software, or people.

“Also, if we see this as only a technology issue, we run the risk of not seeing the situation for what it really is: a clinical risk and patient safety issue.”