Tag: NHS

NHS email system borked by one idiot and 120 pedants

face palmThe NHS’s email system is under pressure after one idiot decided to send an email to everyone.

More than 1.2 million employees are currently trapped in a “reply-all” email hell.

To make matters worse, the email was just a test but it prompted a series of reply-all responses from annoyed recipients going out to all 1 million plus employees of the organisations.

The difficulty is that people cannot resist emailing replies to the thing to tell them to stop emailing, asking what is going on or asking to be removed from the mailing list.
So far there had been at least 120 replies so far — meaning that more than 140 million needless emails have been sent across the NHS’s network by pedants thinking they are doing the right thing.

Apparently, the network is running like an asthmatic ant with a heavy load of shopping.

The NHS Pensions department has resorted to Twitter to warn that if people need to contact it by email please be aware that there may be delays in responding due to an issue currently affecting all NHS mail.

NHS computer linked to malware

The UK’s National Health Service (NHS) website has been redirecting users to a malware-infested websites.

Reddit user Muzzers noticed that more than 800 pages of the NHS website were either redirecting users to an advertisement or malware-laden websites.

The NHS insisted that the website had not been hacked, but an ‘internal coding error’ caused the error. “An internal coding error has caused an incorrect redirect on some pages on NHS Choices since Sunday evening,” said NHS in a statement.

“Routine security checks alerted us to this problem on Monday morning at which point we identified the problem and corrected the code,” NHS added.

The coding error was due to a typo when a developer accidentally wrote “googleaspis.com” instead of “googleapis.com.” The typo was not noticed until the domain was registered by someone in the Czech Republic and used it to push malware.

The NHS has also revealed that once it ensures that the coding error has been resolved across the website, it will conduct a full review of the site and will put into place steps that will ensure that such issues do not happen again. 

Minister orders review after NHS computer chaos

Health secretary Alex Neil has ordered a review of NHS computer systems after a cock-up in Scotland.

More than 500 appointments and operations were postponed after servers at NHS Greater Glasgow and Clyde failed.

Over 459 outpatient appointments, 14 inpatient procedures, 43 day cases and 48 chemotherapy treatments were postponed over the last couple of days because doctors, nurses and administration staff were left unable to access vital clinical information, including patients’ records.

Neil told the Scottish Express that NHS Greater Glasgow and Clyde has fixed the “problem with the server” [surely there must be more than one, even in Scotland -ed] and started reloading users back on to the system.

No data was lost and half of the NHS users now have access to the system, and the remainder should have access soon, he said.

Neil promised that there would be a robust review of IT systems and backup systems across the health service.

The problem appears to be in the software. Experts have been despatched from Microsoft and Charteris to “try to get to the root cause of the problem”.

There have been the usual “leaves on the line ” apologies about the inconvenience.

Robert Calderwood, chief executive of NHS Greater Glasgow and Clyde said that the IT problems were “unprecedented”.

He said that, thanks to a lot of hard work from the IT department, the vast majority of the services have been maintained and around 7,400 procedures and appointments planned over the past 36 hours have gone ahead as scheduled.

For example, the vast majority of chemotherapy sessions went ahead although a small number of sessions were postponed.

Labour health spokesperson Neil Findlay warned the situation was “very worrying” because similar IT systems were used across Scotland.

He called for an an independent review of all of IT systems across Scottish health boards. 

UK's 'anonymous' health records are wide open

Ross Anderson, professor of security engineering at the University of Cambridge Computer Laboratory, told MedConfidential’s crowd how proposed ‘anonymised’ data is anything but.

Data on databases and anonymised will be stored without names, per se, but will still retain the patients’ post code and age, meaning that it is actually pretty simple to identify patients and those with sensitive records, such as people who are HIV positive.

Anderson pointed out that it doesn’t take much more than one family member or friend with access to patient records to get to that data, either. Considering how many people the NHS employs there are a lot of potential weak links. The emergency care system in Scotland allowed access to the health records of prominent political figures like Gordon Brown and Alex Salmond. The culprit was not prosecuted – as it was not ‘in the public interest’ – however, it could also be an embarrassing metric of the open nature of supposedly anonymised health records.

Although British Prime Minister David Cameron has promised health records will be anonymised, the anonymisation process seems like a cop out as it is still possible to access very private information. There is indeed an opt out, however, it is “like Facebook” – the defaults are wrong, the privacy mechanisms are “obscure” and they get changed whenever a lot of people learn to use them.  Efforts to exempt medical data from European data protection regulation are also underway thanks to the health market lobby.

Anderson concluded that a national system holding 50,000,000 records is too big a target, will be cumbersome, fragile and unsafe, and failures to properly protect privacy will have real costs in safety and access – particularly for the most vulnerable or at risk sections of societies.

Anderson also pointed out that hard data ‘thinks’ about people in a different way – it doesn’t take into account measured human behaviour, and can “look at you in a different, unmoderated way”. According to Anderson, for example, it can take just four Facebook ‘likes’ to determine the sexuality of a user. 

NHS magazine fingers Telegraph, Daily Mail in bogus iPad story

The NHS has accused he Daily Telegraph  and the Daily Mail  of deliberately inserting Apple adverts into a story which never mentioned them.

A story about tests on mice claimed that boffins have proved that if you used an iPad at night you would get depressed.

The yarn was based on an animal study that aimed to investigate the effects of abnormal exposure to light on mice. The Daily Telegraph implied that once mice started using iPads, listening to Coldplay and started to convince other mice that the technology was superior, they started to feel a little out of sorts at night.

The theory was that the iPads were exposing them to abnormal light patterns which were activating stress hormones, which the researchers say are linked to depression.

The NHS in house magazine looked into the claims and said that the conclusion is interesting because, unless the mouse starts listening to the earlier music of The Cure, it is jolly tricky to tell if the rodent is depressed.

While the NHS seems to think that the original study that the Daily Telegraph story is based on had some merits, it said that the actual iPad link appears to have come from the reporter’s heads.

The NHS magazine cannot work out why the Daily Telegraph, and the Daily Mail, who both posted the story, both mentioned iPads when the original research didn’t.

The magazine had an interesting theory that it was all to do with search engines.

It thinks that the term ‘iPad’ is one of the most searched for terms on the internet. A story containing the term will therefore rank highly on search engines.

In actual fact, even if mice did get depressed using an iPad, the study does not conclude that humans will go the same way.

The NHS report said that staying up all night using an iPad or laptop on a regular basis could make you sleep-deprived and this could make you depressed. However, so could a night out drinking and no one considers this much of a problem.

Remote patient care touted as saving the NHS £3.4 billion

Technology used to provide remote patient care could help save the NHS £3.4 billion every year, a report claims.

According to a report from the Confederation of British Industry, massive savings could be made by the beleaguered health service by making use of advances in mobile technology such as smartphones and tablets.

With the NHS looking to make giant cuts as the coalition waves its axe and slashes NHS budgets, the widespread use of technology could relieve some of the burden on staff.

£1.9 billion could be saved each year by remote working, for example.  This would mean minimising the amount of time that clinicians would spend travelling, filling in forms and checking records, according to the report, and would increase the amount of time spent with patients.

Community nurses could upload clinical information from a tablet or smartphone after each visit rather than having to return to their office regularly, the report suggests.

According to the CBI, interaction with patients through their TVs is another way in which bosses could drive cost cutting.

By using technology for telecare and telehealth another £240 million could be saved across the UK annually, the report claims.

Telehealth systems have already been installed by Newham Council, with staff interacting with patients through their televisions, reducing the need for physical contact and allowing them to remotely monitor patient well-being.

As the use of smartphones and other mobile devices is rocketing across the UK, patients connecting with health workers in this way may be a consideration for some trusts.

Facebook encourages user generosity with their kidneys

Not content with just harvesting data, Mark Zuckerberg’s enormous information mining operation is now looking into harvesting organs.

Well, not exactly. Facebook is going to enable an option for people to register as an organ donor through the social network. It is entirely optional as far as we can make out, and we haven’t been alerted to anything in the T&C’s about signing away access to your kidneys.

According to the NHS’ Blood and Transplant wing, roughly 10,000 people in the UK are waiting for a new organ. Although having an organ donor card does mean your ex vitals are legally up for grabs, if the family is too distraught at the idea then hospitals don’t proceed. But the NHS thinks that if people make it completely clear that they want their organs donated, families are much more likely to consent.  

It told the BBC that just half of registered organ donors ended up telling their families that they wanted to donate their organs after they died – and that the new registration process is an “exciting new way” to bring in donations. 

The NHS Blood and Transplant group’s director, Sally Johnson, told the BBC that Facebook is an excellent way to get people talking about turning their bodies into carveries after they croak. Johnson said that the group desperately needs more people to sign up – and the Facebook campaign should make that “as quick and easy as possible”. 

Facebook is hoping to launch similar schemes in a long list of other regions – but for now it also has plans in the US, Australia, and Netherlands. 

CSC to cut 640 jobs after botched NHS contract

Computer Sciences Corporation has announced it will cut 640 jobs, taking its total redundancies to 1,100 in the past two months.

Staff working on an NHS contract to create a national electronic database have been told that they will face compulsory redundancies.

CSC had been tasked with putting into place the ill-fated Lorenzo system, which resulted in the firm losing out on almost a billion pounds it was due to get from the NHS for the disastrous £12 billion project.  

Now CSC has announced that it will have to cut employee levels by 640 after prolonged negotiation over staff numbers on the NHS contract. 

This is despite claims from unions insisting that compulsory redundancies are not in fact necessary.

Unite claims that it has put a plan in place to avoid the necessity of redundancies, with sufficient numbers of staff already volunteering to leave the firm.   

The union labelled the cuts “wholly unnecessary”, and claimed that the firm was only concerned with lining its shareholders pockets.

Unite is also angry at the role of the National Outsourcing Association, which supported the job cuts.

Jobs of workers at the Chesterfield, Chorley, Leeds and Solihull sites will go. Unite hit out at CSC for ensuring the safety of jobs outsourced to India, where the union says they have been guaranteed “regardless of expertise or level of skill”.

CSC has claimed that the cuts are in fact due to a shifting landscape in the IT services market. 

CSC recently managed to wrangle a large Ministry of Defence contract, after being given the nod by the government to take the job off of HP’s hands.

Jimmy Wales turns Jimmy Whitehall

Wikipedia co-founder Jimmy “The Fish” Wales has landed in the thick of it with a Whitehall role – advising civil servants on new technologies to create an ’open source’ government.

Wales has been handed a job in the British civil service as an advisor to the government as part of a move to use the internet and other new-fangled technolgies in the workplace.

Whether we can now expect to see Jimmy ”the Fish” turning up in government departments to dish out Malcolm Tucker style grillings is yet to be seen. But we can at least hope he will flag strings of innacuracies and suspected plagiarism in upcoming whitepapers.

With the controversial NHS Bill on the way, members of the House of Lords will surely be on the look out for any cut and paste jobs or Wiki citations working their way into the final cut.

What Wales will specifically be doing is unclear so far. The Telegraph points to an advisory role, which should go some way to placating the Wikipedia boss after he was mistaken for Julian Assange by customs officers last year.

Wales’ unpaid role will centre around a democratic crowd-sourcing push by the goverment to open up policy-making to the great unwashed of Britain.  Such initiatives are laudable, and from a Coalition cost-cutting point of view, crowd sourcing policies would be lighter on the wallet than actually having to pay pension-demanding civil servants to come up with ideas.

Indeed, the government has also opened up commons debates with the opportunity for the public to start e-petitions.  So, it may only be a matter of time before ideas such as hanging everyone become central to government plans.

NHS must wake up to preventable data loss

Earlier this week it was revealed that the NHS lost 800 patient records on an unencrypted memory stick. This was just the latest in a series of data blunders that the NHS is known for. Critics say losing last set of records was wholly preventable, and excuses about resources or education do not carry much weight.

Kingstong Technology sells secure options to large organisations which by their nature handle sensitive data. Including USB sticks – which it actively dares hackers to crack. With this in mind, TechEye had a chat with Bernd Dombrowsky, Inside Sales Director for the EMEA region.

“You will find within the NHS and local councils and other public entities, as well asp rivate corporate environments, you will find really serious efforts to make sure that data is secure on USB stick,” Dombrowsky says. “Many NHS trusts have bought password protected USB sticks by the hundres and thousands.”

What, then, is the problem? Dombrowsky isn’t sure, either. “I cannot speak for the NHS in general,” he says. But it certainly is puzzling when “they spend money on, admittedly, a significantly more expensive USB storage device and buy that by the 100,000’s, then allow someone to go to Sainsburys and buy a USB that also works in their environment. It’s very likely not a budget and money issue.”

According to Dombrowsky, it’s probably an oversight. Or maybe, a “really, really poor compromise with users, who are saying – but I want to have the data where I have my family photos or whatever else.”

Then, if you let people bring in their own, private devices into the corporate environment, there’s automatically a gaping hole for it to fall out of sooner or later. “You download the data, and this wide open door is open in both directions,” Dombrowsky says. “We’re mainly concerned today about the data loss issue, that if you allow non-approved devices and non-managed devices to be plugged in and connected to the organisation’s network, it’s an open invitation for malware and viruses to be brought into the organisation.”

At least part of the answer is endpoint management, so you can see what ports or open, where and why. It’s a necessary partner to encrypted devices. What, exactly, is the point of buying the secure hardware if the IT system in place renders it moot? Dombrowsky believes without a proper network – especially for an institution that carries as much sensitive information as the NHS – simply checking the secure kit off a civil-service drafted shopping list won’t do.

“This trust, another one that just allows people to use drives that are non-secure, which then can be read if they get dropped in a car park or a pub,” Dombrowsky tells us. “Though they have taken steps, and spent money to buy secure drives, that is not good enough. You need to do both things. You need to buy secure drives and put the software in place.”

Not only that, but to Dombrowsky there are some other questions that need looking at. And it goes beyond someone dropping a USB stick and someone else picking it up – “what the heck are you doing carrying around my personal data?” and “why are you taking this out at all?”

“I can relate to the need to have data portable within the organisation, maybe between different buildings, but you need to address this in the staff training up front,” he says to TechEye. “Would you have any justifiable reason to carry hundreds or thousands of patient data sets home? I don’t think so.”

The NHS trust this time, for Surrey and Sussex, claims it does train staff and it takes patient information extremely seriously. When the story broke, a representative from privacy advocates Big Brother Watch claimed the training is “clearly inadequate”. There’s another way to look at it, according to Kingston’s Dombrowsky, and that lies in the relatively recent nature of working with USB in a professional capacity – for the average member of public.

“Kingston started selling USB sticks in 2004,” he tells us. “You go back only a decade – anyone who becomes a consultant today started their medical training when there were no USB sticks around. So where in their medical training have they heard about where the danger with the technology begins?

“The benefits are obvious to you. It’s intuitively obvious. But I think you need to make an extra effort as an organisation to trade on the risks and the risk management.

“I was amazed just how many stories there are from just the last two or three months about these organisations having their data loss issues”.