NHS, ransomware and nuance

You know the facts: ransomware, the NHS, attack vectors, bitcoin demands... and the more important consideration that real people were really affected by the egregious attack over the weekend.

Naturally lots of people have things to say, and I am all too aware I am adding to that pile. Fortunately I can speak from the perspective of an organisation (it's BCS, The Chartered Institute for IT) that has active involvement in both the cyber security space and health.

What is needed to address the sort of problems we've witnessed this weekend is not a Dunkirk-spirit-inspired rescue, where big-name organisations jump in and help the poor old NHS, however philanthropically.

It's not about the flood of tips I have had into the editorial inbox on technical solutions. They are valuable in their way - for individuals and businesses, large and small - but not the real issue.

The issue is systemic. And BCS's profile across security and health demands a considered, dare one say, a nuanced, response. It is on the way.

It won't be today, but the issues are clear with the brief and reach BCS has into the relevant communities. And in our willingness to be part of a solution that encompasses working with all the relevant stakeholders, not competing for notional political or commercial ground.

Watch this space.

In the meantime, BCS members can express their views and experiences at:

NHS versus ransomware - the dangers of cure by tickbox

Join the conversation.

And for useful resources from BCS and beyond check the Cyber security hub

Comments (3)

Leave Comment
  • 1
    Howard Gerlis wrote on 22nd May 2017

    It was NOT just restricted to the NHS or indeed the health community. It was far wider than that.

    You've been far too influenced by the "popular" press and media.

    Report Comment

  • 2
    Adrian Firth wrote on 22nd May 2017

    Why focus only on health? Infosec should be part of a strategic approach to product/solution/service/process/infrastructure design.

    Traditional strategy and design methods mostly date back many years, while a modern infosec framework (like the usual CIA formulation) dates only to around 2002.

    Report Comment

  • 3
    david holdsworth wrote on 1st Jun 2017

    I would question whether Windows is fit for use in safety critical systems

    Report Comment

Post a comment

About the author

Brian is Head of Content at BCS and blogs about the Institute’s role in making IT good for society, historical developments in computing, the implications of CS research and more.

See all posts by Brian Runciman

Search this blog

December 2017
M
T
W
T
F
S
S
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31