IT upgrades 'seen as a cost', says ex-HSE tech head

The HSE’s former chief information officer Richard Corbridge said 'public systems that are connected do tend to be a higher target as they are often under-invested in'
IT upgrades 'seen as a cost', says ex-HSE tech head

Upgrades to public health IT systems are seen as a cost not a benefit, which leads to vulnerabilities, according to the HSE’s former chief information officer.

Upgrades to public health IT systems are seen as a cost not a benefit, which leads to vulnerabilities, according to the HSE’s former chief information officer.

Richard Corbridge oversaw a transformation in the HSE’s computer systems between 2014 and 2017. During that time he faced a ransomware attack called Wannacry, similar to that facing the HSE this week.

Now working in the UK, he said public health systems are frequently the target of these type of attacks 

“I do think public systems that are connected do tend to be a higher target as they are often under-invested in,” he said. 

And therefore patching and upgrades are seen as a cost rather than an investment and often are let run longer than they should.” 

When the immediate risk is over, he expects the systems will be upgraded to higher levels of security and patching.

But based on his experience, Mr Corbridge said installing effective updates is challenging across interconnected health IT systems.

And he said in some cases after the 2017 attack: “This was too expensive to do due to the nature of what IT does in healthcare.” 

He said in the NHS the average age of a PC is estimated at seven years old, and mobile phones at nine.

“If the system is an old version of Windows but is running a CT scanner, you can’t easily upgrade the PC without upgrading the scanner,“ Mr Corbridge said.

And adding to the challenges this week, this latest attack is much more widespread than what the HSE successfully dealt with in 2017.

“WannaCry was targeted at old Windows solutions at the periphery ends of the system. GP surgeries and so on were the targets rather than the large server side of the systems, “ Mr Corbridge said.

He praised the open approach taken by the HSE since Friday, with regular updates through the media and HSE social media platforms.

“I can only imagine how hard the team are working right now on this,” he said.

There is some amazing talent in the HSE’s office of chief information officer that are able to make quick, hard but important decisions and that is seen by the reaction they have made.” 

He said the past few days would have involved contacting all users and administrators and carrying out an audit of the level of patch and system configuration to find weak spots.

The teams, he expected would have been working to break “connectivity from the weak spots to stop the problems growing.”

More in this section

Puzzles logo
IE-logo

Puzzles hub

Visit our brain gym where you will find simple and cryptic crosswords, sudoku puzzles and much more. Updated at midnight every day.

Puzzles logo
IE-logo

Puzzles hub

Visit our brain gym where you will find simple and cryptic crosswords, sudoku puzzles and much more. Updated at midnight every day.