In 2015, Tim Kelsey, a former Government NHS tech adviser, told the story of how a doctor said to him: “Patients did not want computers and nor did he.”
This traditional mindset may explain why in 2015, hospitals across the country still spent more than one million pounds a year carting around records with staff driving around trucks of paper.
This is not for a lack of available health tech innovations that are proven to improve care, cut costs and save lives. However, despite their availability, the health service still lags behind and its technical deficiencies were displayed for all to see last week when the largest recorded ransomware outbreak crippled several NHS trusts.
While not the only target of WannaCrypt – infecting 230,000 Windows PCs in 150 countries – NHS trusts have been exposed for their negligent approach to protecting patients’ confidential data, allowing hackers an all access pass for years.
The alarm bells have been ringing since 2015, when the Government expired its contract with Microsoft to update Windows XP in a cost-saving exercise. A special year-long framework was put in place for NHS trusts to update their systems, but instead it seems that the allocated funds were spent elsewhere.
Indeed, a recent Freedom of Information request revealed that NHS trusts spend an average of just £23,040 a year protecting systems, despite £4.2 billion being allocated for technology in 2016.
A separate FOI request last December put the number of NHS trusts with some exposure to outdated and insecure Windows XP as high as “nine in ten”, in a direct contradiction to the Government response that said “fewer than five per cent of trusts used XP now.”
A failure to act provoked repeated and sustained calls for action, including from the Care Quality Commission’s Chief Executive, the National Data Guardian and most recently Dr Chinthapalli, who only last week wrote of the impending threat, with a “third of NHS trusts in the UK already reporting a ransomware attack.”
It’s clear that the blame rests with the suspected hackers, but in times of crises, the Government must step up, accept responsibility and take action. For too long, responsibility has been allowed to pass across Whitehall and the NHS, without any political grip on the situation, or digital expertise within the cabinet.
When lives are at risk, it’s particularly galling to see the Government point the blame, instead of acknowledging that more must be done to tackle the challenges of our digital age and the threat of cyber-attacks.
A positive step-forward would be the appointment of a new digital cabinet minister to fast-track the level of political leadership required to both confront digital challenges and embrace the opportunities.
Both have been significantly underrepresented at the top of Government and lie unnoticed by political leaders with the decision-making power. The result is that there have been separate responses from three different cabinet ministers, when we need one stable, assured political voice.
While there are many in the next cabinet who may share the doctors’ sentiments that they would rather do without computers, this is not the world we live in.
To continue to ignore the warning bells at the top of Government is a grave rejection of responsibility and puts the safety of our whole country at risk.