Outdated NHS computers ‘need urgent upgrade’
MSPs urge action after cyber attacks
SCOTTISH ministers have been urged to scrap ‘out of date’ computer systems to help prevent another cyber attack on public services.
MSPs yesterday claimed the Scottish Government should commit to updating and replacing the 6,500 NHS Scotland computers found to be running the outdated Windows XP.
During a Holyrood debate on ‘cyber resilience’, there was cross-party support for the move.
Earlier this month, some members of NHS Scotland staff were shut out of their computers after the machines became infected with ‘ransomware’.
Those behind the attack demanded payment in exchange for providing access to the locked files.
The hackers exploited a bug in the Windows XP, 2003 and 2007 operating systems, which many health boards still use.
Routine operation were cancelled across Scotland, with health boards urging only those who urgently required treatment to visit hospitals and accident and emergency units. Yesterday, Labour MSP Daniel Johnson said: ‘One of the key issues with the recent attack was the volume of Windows XP installations in the health service.’
He asked the Government when it would be removing the system from computers.
Tory MSP Jamie Greene said: ‘It is clear, in the aftermath of the ransomware attack, that the evidence suggests several hospitals did not install the updates that they had received prior to the attack, which left their systems vulnerable.’
Turning to the issue of Windows XP, he said that ‘a co-ordinated upgrade and end-of-life plan is a necessary part of any large-scale IT project’.
Nationalist MSP Willie Coffey insisted that the Government should ‘stop using out-of-date computer systems’ or a similar attack would happen again.
MSPs unanimously backed a Scottish Government motion, as amended by the Conservatives and Labour, noting that the recent global cyber attack demonstrated the urgency for everyone to secure their technology, data and networks from the many threats now faced in the digital world.
A Conservative amendment saying the Scottish and UK governments should communicate closely to implement these strategies and to minimise the risk of attack was also supported unanimously, as was a Labour amendment supporting investment in public services to ensure that they are wellresourced and flexible to withstand future attacks.
Deputy First Minister John Swinney said: ‘The key question that we have to address is how we establish and maintain the most rigorous level of security possible on all systems that are used.
‘The crucial thing is that security arrangements must be in place to ensure that the necessary precautions are taken.
‘From some of the steps that we already take, it is clear that our policy approach and the requirements that we place on organisations are designed to achieve that objective.’
‘Vulnerable systems’