We have to get better at the cyber
As noted cybersecurity expert Donald Trump warned just last year, we all have to do better on the cyber, and we certainly have to get tough on cyber and cyber warfare. As the self-described father of a 10-year-old who is unbelievable at the cyber, Mr Trump accepted that it “might be hardly doable” because the security aspect of cyber is very, very tough, but nonetheless we do have to try.
Quite right, Donald. Just last week we were discussing in these very pages the global fright caused by the WannaCry scare, and we asked the local health IT industry if it thought our hospitals were prepared for a large-scale ransomware attack.
The answer was an overwhelming no, with just five per cent of you saying our hospitals were prepared. And then just yesterday, we began to hear about a looming catastrophe of Queensland Health payroll-sized proportions when that august journal of record, The Courier Mail, heard about a bit of a problem with hospital software and naturally decided to blow it out of all proportion in a story originally titled “Ehealth system's massive computer failure”.
While the exact cause of what appears to be a 'hiccup' that is affecting clinicians' attempts to log in to the electronic medical record is not yet clear, eHealth Queensland CEO Richard Ashby seemed reasonably certain yesterday that it was because security measures had been ramped up in light of WannaCry. We'll see what happens in the coming week but it seems to be a minor inconvenience rather than a serious problem.
It was good to see Queensland Health Minister Cameron Dick front up with Dr Ashby to explain the situation, although as it happened on Monday night and they only told us about it on Thursday we suspect their openness had a little bit to do with media exposure. Melbourne Health, which had a bit of a scare last year with a Qbot worm, could learn a little about transparency from its northern colleagues, we think, as we still don't know the full details of what happened there.
For real openness and transparency when it comes to hospitals and the cyber, we recommend you take a look at this quite excellent article on how a hospital in New York state was attacked and how it has taken six weeks to recover. Kudos go not only to the reporter but to the hospital CEO and senior doctor who agreed to be interviewed and obviously have nothing to hide. It's a contrast to some organisations here, where the first impulse is to roll out the spin doctors rather than the real or the cyber ones.
We also liked this story from Computerworld that seemed to rule out Windows XP as the vulnerability for WannaCry, and it now seems Windows 7 was the real victim. The bad news is of course that many hospitals run on that OS. We are likely to see this more and more, so as Donald says, we have to get better at the cyber.