The scale and impact of the "ransomware" attack on at least 40 NHS organisations is not yet clear.
But senior NHS staff and administrators say an ongoing interruption to computer and IT systems could paralyse patient care and make routine treatment impossible.
The Department of Health and NHS England are currently taking some comfort from the fact that as yet there is no evidence that patient records have been breached, but it may prove little consolation.
Like most businesses and public services, the NHS is reliant on IT to function.
Unlike many, however, it is running at close to capacity. Even minor interruptions to normal routine can have a major impact on the flow of patients through hospital.
:: LIVE - Ransoms demanded as cyberattacks hits NHS hospitals
A protracted shutdown of systems across the weekend and into next week could bring parts of the system to a halt.
For a service already under acute strain because of rising demand and staff shortfalls, it is another blow.
Assessing the impact of the attack is complicated by the fact the NHS does not have an overarching IT structure.
Hospital trusts have developed their own systems and security measures and have varying ability to communicate with other organisations.
:: NHS cyberattack: Full list of organisations affected so far
A disastrous attempt to develop a unitary NHS IT system was abandoned at a cost of more than £10bn, leaving a patchwork of systems.
That may explain why so far only around 20% of Trusts have been affected, though this number may rise.
What is clear is that systems have been fundamentally compromised.
Doctors and nurses at affected hospital trusts have been unable to access patient records, appointment systems, drug charts, blood tests, x-rays and other forms of clinical information.
Affected A&E departments meanwhile have been unable to use the electronic systems that are fundamental to communicating with ambulance crews, keeping track of patient admissions and discharges, and managing the all-important "flow" that prevents hospitals grinding to a halt.
Staff at affected city A&E departments will be braced for an even more challenging weekend rush than usual.
Some paper records do exist, but securely matching these to patients will be a challenge.
Because of concern over patient confidentiality, some trusts have stopped using full names on records in an attempt to improve "information governance".
Instead, patients are referred to at some trusts by a forename and an initial, accompanied by a patient number.
:: Sky News investigation discovers NHS trusts were putting patients at risk
One consultant told Sky News that they routinely worked with three computer systems open on their computer simultaneously: the Electronic Patient Record (EPR); a separate X-ray system; and another that holds records of certain specialist drug treatments.
Even sending out letters to patients is automated. At some trusts, doctors dictate letters to an audio device, upload the audio file to a system accessed by a transcription service in India, where staff type out the letter before sending it back using an encrypted system.
:: Hacking for cash: Ransomware threats on the rise
The more of these discrete systems that are affected the longer it will take to restore normal working.
Even establishing the scale of the damage is likely to tie up trusts for the weekend and possibly beyond.
NHS managers will hope that patient records remain secure. Were hackers able to tamper with ongoing drug prescriptions for example, this crisis could become one of patient safety as well as cybersecurity.
No comments:
Post a Comment