Amber Rudd’s NHS IT Shame

Today’s papers are almost of one voice on their lead stories: there has been a cyber attack on organisations across the world, which in the UK has manifested itself most obviously in its effect on the NHS. Many routine appointments and procedures have had to be postponed or cancelled. That is bad enough: what verges on the unforgivable is the attitude of one Tory minister who has tried to wash her hands of it.

Amber Rudd - bang to rights hypocrite

So what caused the problem? As the Guardian has explained, “Computers at hospitals and GPs surgeries in the UK were among thousands hit in almost 100 countries by malware that appeared to be using technology stolen from the National Security Agency in the US. It blocks access to any files on a PC until a ransom is paid”. It was software the NSA developed to take advantage of vulnerabilities in Windows operating systems.

Have a think about that: we know that organisations like the NSA have wanted companies like Apple to allow them to have a “back door” to their operating systems. Apple have declined the request, reasoning that once there is a back door, the potential for cyber criminals to get hold of the code is too great a risk. And Apple have been proved absolutely right in spades. But in the meantime, the blame game has started.

And at the front of that particular queue has been Home Secretary Amber Rudd, telling that the Care Quality Commission (CQC) “will be advising NHS trusts to move to modernise their platforms and I think that after this experience, I would expect them all to move forward with modernising”. Nothing to do with Government, move along here.

But Ms Rudd is being seriously disingenuous on two counts. One, the most obvious, the NHS, and by extension its IT systems, have been subjected to the same budget constraints as the rest of the public sector for several years now. That means those IT systems are running operating systems that are either no longer supported, or are not receiving security patch updates at the time they should be applied.

The patch to close the vulnerability exploited by the latest cyber attack is prosaically titled MS17-010, and was available in March this year. It should have been applied in the month-end update. But if the operating systems are no longer supported (like Windows XP) … you can fill in the blanks yourself. And Ms Rudd has a second count to answer.

She was one of those shouting the loudest - in, surprise, surprise, March this year - for companies like Apple to make that back door available. Her excuse was the Westminster attack. She was advocating making computer systems, and software, vulnerable - her reasoning was that it would allow the law enforcement agencies to access computers and other devices in an emergency. But it would also allow in the hackers.

So when she tries to wash her hands of the cyber attack that has paralysed so much of the NHS, one thing should be remembered: Amber Rudd wanted computers to be vulnerable to these attacks. She became particularly righteous about it.

Now we have seen what happens when computers are vulnerable, she is once again blaming someone else. It won’t wash. Amber Rudd is a disgraceful hypocrite.