Upgrades to public health IT systems are seen as a cost not a benefit, which leads to vulnerabilities, according to the HSE’s former chief information officer.
Richard Corbridge oversaw a transformation in the HSE’s computer systems between 2014 and 2017. During that time he faced a ransomware attack called Wannacry, similar to that facing the HSE this week.
Now working in the UK, he said public health systems are frequently the target of these type of attacks
“I do think public systems that are connected do tend to be a higher target as they are often under-invested in,” he said.
When the immediate risk is over, he expects the systems will be upgraded to higher levels of security and patching.
But based on his experience, Mr Corbridge said installing effective updates is challenging across interconnected health IT systems.
And he said in some cases after the 2017 attack: “This was too expensive to do due to the nature of what IT does in healthcare.”
He said in the NHS the average age of a PC is estimated at seven years old, and mobile phones at nine.
“If the system is an old version of Windows but is running a CT scanner, you can’t easily upgrade the PC without upgrading the scanner,“ Mr Corbridge said.
And adding to the challenges this week, this latest attack is much more widespread than what the HSE successfully dealt with in 2017.
“WannaCry was targeted at old Windows solutions at the periphery ends of the system. GP surgeries and so on were the targets rather than the large server side of the systems, “ Mr Corbridge said.
He praised the open approach taken by the HSE since Friday, with regular updates through the media and HSE social media platforms.
“I can only imagine how hard the team are working right now on this,” he said.
He said the past few days would have involved contacting all users and administrators and carrying out an audit of the level of patch and system configuration to find weak spots.
The teams, he expected would have been working to break “connectivity from the weak spots to stop the problems growing.”