Centre for Information Ethics and Public Policy



Statement Regarding the Hacking of NHS Computers by Ransomware

The current impact of ransomware on the NHS is a direct result of the Conservative government’s austerity agenda and that endorsed by its immediate Coalition predecessor. The vulnerability of the NHS reflects the fact that many of its machines are running the ‘ancient’, unpatchable XP OS. Most machines could probably run patchable Windows 7 or 8.1 (which have extended support cut-offs in January 2020 and January 2023 respectively that, with some reasonable negotiation, might be extended further) or Windows 10 with some modest hardware upgrades. There is also a serious debate to be had as to whether an open source version of Linux, such as Ubuntu or Mint, rather the Microsoft Windows should provide the backbone of NHS computer systems.

IT procurement and maintenance in mission-critical environments in the UK has been at best inadequate and at worst lamentable. This, combined with a woeful record in the rollout of superfast broadband and G4 and G5 mobile telephony, indicates a pitiful understanding on the part of Government of the pivotal role of IT on modern economies.

How can the Government get back on track in this area? Possibly by scrapping HS2 and diverting some of the money to alternative transport infrastructure projects with the rest going to cost-efficient, future-proofed IT renewal. But also by stepping back from the uncosted madness of Brexit which is likely to have a catastrophic effect on the future development of advanced information and communication technologies in the UK.

Director of CIEPP

Dr Ian Kenway