Intended for healthcare professionals

Views And Reviews No Holds Barred

Margaret McCartney: The NHS needs big, firm IT pants

BMJ 2017; 357 doi: (Published 16 May 2017) Cite this as: BMJ 2017;357:j2352
  1. Margaret McCartney, general practitioner
  1. Glasgow
  1. margaret{at}

A massive spread of “ransomware” has infected computers around the world, including many in the NHS. Operations have been cancelled, many test results can’t be accessed, and investigations such as x rays have been made near impossible1—all as predicted in The BMJ last week.2

Essentially, hackers infect old computer operating systems, which are still used in much of the NHS. Many similar attacks have occurred before,3 if less well publicised, and many more are likely. Some US hospitals have actually paid ransoms amid great fear, in particular, about litigation resulting from theft of medical records. Natural disasters are one thing, but electronic disasters may not be far behind. An infrastructure meltdown involving power, healthcare, communications, and transport could effectively disable a country.

The question of apportioning blame is now unfolding. Amber Rudd, the home secretary, says that the NHS “must learn” from this and upgrade its systems.4

“We have known for a number of years that this is one of the most dangerous threats to this country,” she told the BBC, insisting that the government was investing in cyber security, etc etc (Jeremy Hunt’s absence from the media immediately after the ransomware attack was notable).

Something Must Be Done. But, apart from telling your 1.7 million staff not to open dodgy looking emails, just what is that “something”? It’s investment, but investment in the right things.

This is a system failure of the “fur coat and nae knickers” variety. This expression—charmingly used by Glaswegians to explain the showy, attention seeking nature of some Edinburghers who exhibit a superficial layer of glamour while lacking the necessary foundation garments (conflict of interest: I’m from Glasgow)—exemplifies the NHS’s attitude towards technology.

Hospitals looking at the abyss of financial balance sheets under austerity-onomics are unlikely to have viewed the updates as affordable

Windows XP was released in 2001, but the Department of Health stopped making payments for updates in 2015.5 This may have saved £5.5m a year centrally,6 but hospitals looking at the abyss of financial balance sheets under austerity-onomics are unlikely to have viewed the updates as affordable once they had to fund them themselves.

We keep skimping on the basics. Some £8m was thrown at before it was scrapped,7 and telehealth has cost millions but failed to save the money promised.89 And we may have all but forgotten HealthSpace,10 an early electronic record ditched in 2010 after patients described it as neither useful nor easy to use.

The NHS is throwing money at showy, attention seeking IT projects while it fails to invest in the basics—and, here, in keeping software updated. There are many possibilities as to what the NHS might do with computers and data—but we need big, firm, all embracing pants underneath it all.



View Abstract