Comments on: One in five NHS trusts were hit by Friday’s cyber-attack

By: Dan

Dan — Mon, 15 May 2017 13:47:46 +0000

In reply to Darren. This isnt true in all cases and depending on the nature of the attack could be subverted as the especailly if the same policies /controls are not enforced locally. Its certainly more than a coincidence.

By: Darren

Darren — Mon, 15 May 2017 10:33:10 +0000

Local email is generally routed via the NHS relays and subject to same mail hygiene systems as NHSmail. Both are managed by NHSD and Accenture.

By: K

Mon, 15 May 2017 06:38:12 +0000

In reply to Dan. I think the simple answer is IT/informatics wasn't given enough priority or was funded adequately. You don't have to far back on this site to see common patterns emerging (and these aren't just IT) in a number of NHS regions and trusts.

By: Dan

Dan — Sun, 14 May 2017 12:46:35 +0000

Here are a few things that I think they will find given my experience of the NHS :

Using local email systems instead of the national system allowing malware through.
Failing to have a proper patch / update regime.
Insufficient network controls/segmentation allowing proliferation.
Failure to properly firewall legacy devices / systems.
Not using least privileges.