The open source of freedom

IT in the NHS is in a pickle, and it was in a pickle before the May 2017 Ransomware attacks. Here in Northern Ireland we were fortunately spared the problems that occurred in England, and a large part of the thanks for that has to go to our skilled and dedicated IT professionals in the HSC (what we call the NHS over here), who worked round the clock to protect our vital systems.

The pickle has a number of elements. Perhaps the most obvious, and certainly the one that has received the most comment, is our over-dependence on legacy software that often cannot run on modern operating systems. Many PCs in the NHS have to remain on Windows XP because the applications they run simply will not work on newer versions of Windows, and there is no easy way to get the software updated. Often these systems were procured poorly (no future-proofing built in) or specified poorly; the original vendors have been bought over and the product "sunsetted"; or the licences have expired. So we have ended up needing to retain networked, obsolete (and vulnerable) systems in order to keep running with business as usual.
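The point above is that the risk is not just "old Windows" but old Windows that is still on the network. One way an IT team can keep sight of that exposure is to check an asset inventory against the operating systems' end-of-support dates. The script below is an added example, not code from this post or from any NHS project; it assumes an inventory exported as CSV with hostname, os, os_version and network_connected columns, and the rows in it are constructed for illustration. The Windows XP end-of-support date (8 April 2014) and the Windows 7 date (14 January 2020) are Microsoft's published dates; the table is deliberately small and should be maintained, not treated as complete.

```python
"""Flag networked hosts still running an end-of-life operating system.

Added example (not part of the original post and not NHSbuntu code). It assumes an
asset inventory exported as CSV with the columns hostname, os, os_version and
network_connected; SAMPLE_INVENTORY below is a constructed illustration.
"""
import csv
import io
from datetime import date

# Date on which free security updates stopped. Kept short on purpose: a real
# deployment would maintain this table alongside its asset register.
END_OF_SUPPORT = {
    "windows xp": date(2014, 4, 8),
    "windows 7": date(2020, 1, 14),
}

# Constructed sample data, not a real inventory.
SAMPLE_INVENTORY = """hostname,os,os_version,network_connected
ward3-pc01,Windows XP,SP3,yes
radiology-ws02,Windows XP,SP3,no
reception-pc07,Windows 10,1703,yes
lab-pc04,Windows 7,SP1,yes
"""


def parse_inventory(text):
    """Read the CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def eol_risk(rows, today):
    """Return (hostname, os, days_unsupported) for every networked host whose OS
    passed its end-of-support date before `today`, most overdue first."""
    findings = []
    for row in rows:
        eos = END_OF_SUPPORT.get(row["os"].strip().lower())
        if eos is None or today < eos:
            continue  # supported, or an OS this table does not track
        if row["network_connected"].strip().lower() != "yes":
            continue  # isolated legacy host: lower exposure, track separately
        findings.append((row["hostname"], row["os"], (today - eos).days))
    return sorted(findings, key=lambda finding: -finding[2])


def find_eol_hosts(csv_text, today_iso):
    """Convenience wrapper: parse the export and evaluate it as of an ISO date."""
    return eol_risk(parse_inventory(csv_text), date.fromisoformat(today_iso))


if __name__ == "__main__":
    for host, os_name, days in find_eol_hosts(SAMPLE_INVENTORY, "2017-05-12"):
        print(f"{host}: {os_name} unsupported for {days} days and still networked")
```

Run as of 12 May 2017 (the day of the attack) only the networked XP machine is reported; the isolated XP workstation is skipped, and the Windows 7 host only appears once its own support date has passed. The output is a list a team can act on: isolate, replace, or at least justify each entry.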

Another element (and don't get me wrong - I actually like Microsoft, and in general I think they do a good job) is the fact that many NHS systems are nailed to Microsoft. And we pay for it big time. Think of all those Windows licences and MS Office licences that really (seriously) aren't all that necessary for vast swathes of our staff, but we're paying anyway. We're paying, as a health system, many millions of pounds (you really don't want to know how many millions) for the privilege of having one company provide the exclusive infrastructure that powers most of the NHS. This seems a bit weird, but wait - it gets worse.

This is the one that boils my piss, if you'll excuse the expression. There are known security flaws in Windows. Known. "Known to whom?" you might ask. Well, they're known to the United States National Security Agency, who use them in their cyber-warfare. Of course we small people and small organisations like the National Fecking Health Service are not told about them, but spies who are supposed to be protecting the "free world" are well aware of them. The community can't know about them because the source code is proprietary, so the only people who know about these flaws are Microsoft and the NSA. And the people within the NSA and hackers outside the NSA who may (who knows? They're hardly going to tell us) leak and steal these vulnerabilities respectively. Well, MS knew the particular flaws in this instance, so they had a patch in place to fix them. But since Windows XP is no longer supported (despite the fact that many organisations are still reliant on it), this wasn't released and wasn't applied, unless organisations actually bought it. The irony here is that from a functional perspective, XP was acting as its very own form of ransomware.

So it turns out that we can't trust our "allies" (under Trump, who is really surprised?) and we can't trust the folks who provide the OS of our computers, and we can't trust our staff to not click on some malicious link or attachment, so are we doomed to go on in this mode?

No. We need to sort this bloody mess out, and happily there are good people who have been working on precisely this. We need to break our exclusive dependence on Windows. Linux is an alternative operating system, and the most secure and stable distribution of it is Ubuntu. A version of Ubuntu specifically tailored for potential NHS deployment has been developed - NHSbuntu - incorporating full disk encryption and other security features. Plus, it's open source, so the community can inspect the code itself and any flaws can be patched rapidly without extortionate fees.

Secondly, initiatives like NHSbuntu encourage NHS/HSC staff to get intimately involved in the deployment and use of computer technology within their daily work - they shape the usage and the processes by which they deliver care. This is how we start fixing these problems. No longer are we mere recipients of IT care - we are partners. Holy cow - this sounds very much like the model of healthcare we are now trying to deliver - in partnership with our patients!

People sometimes worry about open source - if everyone can see it, everyone can see the vulnerabilities, right? The kicker is that there ARE more goodies than baddies, and the goodies tend to be single-minded geeks who want to get that dopamine hit of putting things right. The result is that the baddies have a really hard time keeping up. If you have a closed proprietary system, all you need is for the baddies to hack or infiltrate your vendor (or the NSA), and you are royally buggered. And the goodies can't access the code to develop a defence.

So initiatives like NHSbuntu and Open Source are a real boon for NHS/HSC security, and we should be using them more. There are other substantial advantages to this approach, particularly when coupled with an open data format which allows strong interoperability between health IT systems (see the marvellous RippleOSI project for an example). I believe we are on the cusp of a new revolution in health IT - one that promises much better security, functionality and user experience, as well as issuing a new challenge to Microsoft and the big vendors - join us!
