NHS urged to consider Microsoft alternatives following cyber-attacks

  • 17 May 2017

In the wake of Friday’s international cyber-attacks, which caused widespread disruption across NHS organisations, a small team of developers is recommending the health service reduce its reliance on Microsoft.

The NHS almost exclusively uses Microsoft operating systems, some of which – like Windows XP – are no longer officially supported.

To demonstrate that there is a licence-free alternative, GP Marcus Baw and technologist Rob Dyke have adapted the open source Linux-based Ubuntu operating system specifically for the NHS. They call it NHSbuntu.

Dyke said adopting NHSbuntu could form part of a strategy for better securing legacy operating systems and key clinical applications. He described residual NHS use of XP, including in medical devices and diagnostic equipment, as a “critical liability” in some trusts.

Baw said the system also had the potential to save the NHS millions in licence fees currently paid to Microsoft, and suggested open source alternatives could be particularly suited for administrative, non-clinical and back-office users.

Adoption of NHSbuntu could also potentially help the NHS make more widespread use of cloud computing. Ubuntu is already one of the most widely used operating systems for cloud workloads.

So far NHSbuntu is a working prototype, though already a fully functional operating system. Baw said: “This is research and development work and not yet production-ready.”

“We’re very keen to develop an open and inclusive NHSbuntu community, and have an open forum for NHSbuntu”, said Baw. “We encourage community contributions and will work closely with any existing open source vendor to include their work in NHSbuntu’s default repositories. We’ve already had interest from RippleOSI and Open Health Care UK in this regard.”

Chief information officers and chief clinical information officers in the south west were the first to see NHSbuntu at an April meeting. Baw said the plan was to work with interested CIOs and CCIOs to further develop the NHSbuntu project.

Gary Kennington, IT operations manager at South Devon and Torbay CCG, has been involved in the project since it began in February. He has been demonstrating NHSbuntu widely in his CCG, using it for cyber security, including safely opening suspicious emails received by staff and inspecting the contents without risk to the CCG network.
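As an added illustration of the kind of inspection described above (this is example code written for this page, not the NHSbuntu project’s or the CCG’s own tooling), the Python script below parses a raw e-mail on an isolated machine, harvests URLs from the body without following them, and records each attachment’s name, declared content type, size and SHA-256 digest without ever writing the attachment to disk or opening it. The sample message, the list of risky extensions and the PDF magic-byte check are assumptions constructed for the example; a real deployment would apply its own policy.

```python
"""
Static triage of a suspicious e-mail without opening any attachment.

Added example, not part of the original article and not the CCG's own
tooling: it shows the sort of inspection a sandboxed Linux workstation
is used for. Standard library only. The sample message is constructed.
"""
import email
import hashlib
import os
import re
from email import policy
from email.message import EmailMessage

# Extensions that commonly carry executable content or macros.
# Assumed list for this example; use your own policy in practice.
RISKY_EXTENSIONS = {
    ".exe", ".scr", ".js", ".vbs", ".hta", ".ps1", ".bat", ".cmd",
    ".docm", ".xlsm", ".pptm", ".jar", ".lnk", ".iso", ".img",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def build_sample_message() -> bytes:
    """Constructed sample: an invoice lure with a macro-enabled document and a PDF."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = "Overdue invoice - action required"
    msg.set_content(
        "Please review the attached invoice and confirm via\n"
        "http://invoice-portal.example.invalid/login today.\n"
    )
    # Macro-enabled Word document, mislabelled as a PDF by its content type.
    msg.add_attachment(
        b"PK\x03\x04fake-docm-bytes", maintype="application", subtype="pdf",
        filename="invoice_3391.docm",
    )
    msg.add_attachment(
        b"%PDF-1.4 fake-pdf-bytes", maintype="application", subtype="pdf",
        filename="terms.pdf",
    )
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and report headers, URLs and attachments.

    Attachments are never opened or written out; only metadata and a
    SHA-256 digest are recorded so the hash can be checked against a
    blocklist or threat-intelligence feed.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {
        "from": str(msg["From"]),
        "subject": str(msg["Subject"]),
        "urls": [],
        "attachments": [],
        "findings": [],
    }
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename is None:
            # Body text: harvest URLs but do not follow them.
            if part.get_content_type() == "text/plain":
                report["urls"].extend(URL_RE.findall(part.get_content()))
            continue
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(filename)[1].lower()
        report["attachments"].append({
            "filename": filename,
            "declared_type": part.get_content_type(),
            "size": len(payload),
            "sha256": hashlib.sha256(payload).hexdigest(),
        })
        if ext in RISKY_EXTENSIONS:
            report["findings"].append(f"{filename}: risky extension {ext}")
        # A genuine PDF starts with '%PDF'; Office documents are zip ('PK') containers.
        if part.get_content_type() == "application/pdf" and not payload.startswith(b"%PDF"):
            report["findings"].append(f"{filename}: declared PDF but content is not PDF")
    return report


if __name__ == "__main__":
    result = triage(build_sample_message())
    for finding in result["findings"]:
        print("FINDING:", finding)
    for att in result["attachments"]:
        print(att["filename"], att["declared_type"], att["size"], att["sha256"])
```

Run on a real message with `triage(open("suspect.eml", "rb").read())`. The point of the mislabelled attachment in the sample is that the declared MIME type is attacker-controlled; the filename extension and the first bytes of the payload are what a triage check should compare.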

Kennington believes that, had it been deployed, NHSbuntu could potentially have reduced the impact on his organisation from last week’s cyber attacks.

Baw said NHS Digital was aware of the project, which began as self-funded but has now gained financial backing. “We are delighted that the open source Apperta Foundation have recognised the significance of this initiative and made a £40,000 grant to enable some further work.”

Baw added: “In view of Friday’s incident, and the importance of making some urgent and effective change, we’ve directly approached NHS Digital for a more serious investment for one year’s concerted R&D.”

Among the key technical challenges that have already been addressed to enable use in the NHS is integrating the NHS Digital Identity Agent (IA) smartcard components, potentially paving the way for using IA-secured clinical applications in NHSbuntu.

Dyke said: “We aim to increase the range of clinical application packages in the coming months. There is already a lot of open source clinical software in existence, including open source DICOM (Digital Imaging and Communications in Medicine) viewers, PASs (Patient Administration Systems), and others, which we intend to draw on for NHSbuntu.”

David Miller, director of Open Health Care UK, commented: “The NHSbuntu server edition would be an ideal deployment environment for the many open source Opal applications, allowing NHS IT to take advantage of the best practices from industry when deploying and scaling modern web applications.”

He added: “Having a modern web browser available by default on all desktops would be a truly transformative step towards enabling better usability for NHS IT.”

Miller described Linux as an extremely secure free Unix-like operating system which is now one of the most widely used operating systems in the world, running on more than 95% of web servers. It is the foundation of Google’s Android mobile operating system.

86 Comments

  • I’ve been a long-term supporter of the use of Open Source across the public sector. But the unfortunate conclusion I’ve come to is that the on-cost of support is not affordable. Any non Microsoft OS is going to be harder to support, because the tech skills necessary are hard to source at the pay threshold we have.

    So I’d love to pilot something like this, but we don’t have the skills in house to do so. And if we outsource, the commercial market for support isn’t stable enough to risk running anything.

    • thank you for your openness and honesty …
      my view is that @ the top levels the provision of health IT by the NHS is currently being run too much like an academic “exercise”
      and not enough like a sustainable business that puts the health and safety of its users/customers/consumers/owners blah blah blah first … there is nothing wrong with a “free for all” approach but I suspect the majority of people who are currently working within the entire NHS structure are better equipped to use Microsoft than anything else.

  • And what happens when the clinical applications you are running no longer work on Windows 7?

    • I know MS licensing is complex, so I could also be wrong, but Microsoft’s own guidance on VDI is that a VDA license is required for any device which is accessing a Windows VDI desktop. PCs are only covered if you have software assurance.

      The Windows 7 Pro OEM license allows you to run one copy of Windows 7 locally in a VM, but you’re still having to buy PCs with a copy of Windows.

      It’s not possible to avoid paying for a license if you wish to use Windows in some capacity.

  • No one has addressed the issue of Microsoft VDA licensing for presenting a virtual desktop, how have you got round this? Having Windows 7 licences does not mean you don’t need these.

    • The NHSbuntu approach uses virtualisation running LOCALLY on the workstation. This uses a local windows 7 VM. Alternatively, the desktop image could be run remotely. Use ovirt and spice products from Redhat.

      Bye-bye VDE licences…..

  • if a solution works use IT, leave wasting time to others to discuss if that is what they do, iOS or android? doesn’t matter if IT works, IT’s a local choice, the DATA on the other hand … well, that should be being “processed” nationALLy don’t you think?

  • What I think is the Linux option is like “flower power” a great idea but it just ain’t going to work out because of human factors such as no one willing to invest in it. NHS IT Services, especially DATA, are in one big mess now (that’s Health and Social CARE) and need to become far more efficient. It is my personal view that far more should be “being done” at the national level, but that will not ‘appen because of human factors such as no one willing to invest in it. The key to it is to make sure that when people “shop” around for solutions then national bodies ensure that they are all treated fairly.

    • Clive – it’s an easy fix. The gov’t simply has to mandate it. Until such time as gov’t flexes its massive market buying power, inertia guarantees that things will continue to be badly broken (and, let’s face it, the MS model for building big IT infrastructure has some massive underlying structural deficiencies that ensure it will continue to be unwieldy, insecure, and eye-wateringly expensive for the taxpayer, all by design and tradition). Linux is not a fly-by-night technology. It is currently the single most deployed Operating System on the planet, and growing far faster than any other. It’s pinching the desktop from the mini-device side (mobile devices running Android and internet connected devices running embedded Linux variants) and from the enterprise/cloud side (99% of the Cloud is Linux, as is High Performance Computing).

      • “has some massive underlying structural deficiencies that ensure it will continue to be unwieldy, insecure, and eye-wateringly expensive for the taxpayer” … that reminds me of another infrastructure.
        Thank you for sharing your thoughts Dave.

  • One more thought… I need to fill a vacancy, how easy is it going to be to find someone who has Linux technical qualifications and more importantly experience of supporting an enterprise solution?

    • It’s difficult for “Microsoft shops” to find Linux expertise because, based on my experience, Linux experts prefer to work in an open source environment. But, that said, as long as you know what you’re doing (and don’t, for example, rely on “qualifications” to assess competence) you’ll probably find someone competent as easily as you would an MS Windows expert. Thankfully, with Linux (unlike any non-open source platform), there are no barriers to anyone with an interest developing any and all authentic expertise that would be useful for any IT role.

  • The Open sourcers out there were holding up Munich as a vanguard against the evil Microsoft. However the savings do just not add up and certainly in February they were looking to vote regarding switching back to Windows.
    It led to poor productivity because staff had to learn a different ‘Office’ product and issues with sharing files with outside organisations etc.
    Presenting a VDI session to a Linux desktop is not a cheap option.
    Perhaps more effort needs to spent on application virtualisation to wrap older applications in a bubble.

    • Actually, Grant, I encourage you to be *very* skeptical of media reports that support multinational corporate positions on things over those of small businesses or communities, because usually they’re orchestrated by the multinational (look for the PR company – check on the author’s vested interests, for example).

      You’ll find that MS was very concerned that people would stop thinking that they “needed” Windows if Munich’s open source implementation was a success (to the extent that back in the day, Ballmer came for a visit). Note, now, that this interest in Munich abandoning Linux (being promoted by a new mayor of the city) coincides with MS moving their German national headquarters to the one city in which MS *isn’t*. Coincidence? I suspect not. I think you’ll find that the best software deal for gov’ts is the one you *don’t* hear about because taxpayer money isn’t going into marketing its success…

      Linux (now the world’s most widely used operating system, by far: http://www.zdnet.com/article/sorry-windows-android-is-now-the-most-popular-end-user-operating-system/#comments-f5a402aa-3af0-44f4-b357-201d70293f91 ) sells itself, it doesn’t have a megacorp interested in pushing the “Linux” brand, and it doesn’t need to spend $billions/year on marketing like MS and Apple do.

      • The recent evaluation of the Munich solution was written by Accenture, who are also global partners of Redhat, so for those who write that they are in Microsoft’s pocket, they are in everyone’s pocket.
        Until you can get application vendors to write their products in Linux then you will be forever at the mercy of Microsoft. If you are presenting a Windows desktop on any hardware platform via a VDI then you need a Microsoft VDA license, it doesn’t matter how many Windows 7 licences you had under the old NHS EWA.

          • People just need to realise that allowing MS to have a monopoly over your entire IT infrastructure is poor strategy. It benefits no one but MS. The lock needs to be broken for any useful improvements to be possible. Accenture find whatever their customers want them to find. If they suddenly get ethical, then, of course, the customer can simply bury their report and find someone else who’ll give them the report they want. That’s how these things work.

          • People do not give them the reports, they are paid to write them, plus my personal and honest opinion is that monopolies do not lead to a healthy business environment.

    • Dave – reference to learned helplessness – I’m not ‘stuck on an elevator’ but my focus is not on what OS, but on ensuring that I can provide clinical services with the best solutions to meet their requirements. I am not going to limit my choice of say ePrescribing systems to only those that are either open source or run on Linux, a technology driven selection process, but the best solution to meet the functional requirements defined by the clinical workforce. My focus is to then ensure that the implementation and change management to gain the benefits of ePrescribing are realised. My job is to also ensure that we provide a technical platform for always on, as best protected from any form of cyber-attack as possible and if unfortunate enough to be zero day’d or otherwise compromised to be able to recover quickly to as near as possible data snapshot, not last night’s backup, as possible.

      Would I like all application vendors to be open source and base their products on open source platforms – of course. Do I see this happening in the global healthcare market anytime soon. Not at all – so in the meantime focus efforts on providing the best service possible to front end staff with the platforms that are warranted by the application vendors that best meet functional requirements.

    • Linux is not a panacea.

      https://arstechnica.co.uk/security/2017/05/a-wormable-code-execution-bug-has-lurked-in-samba-for-7-years-patch-now/

      Not as bad as the SMB vulnerability but there will be millions of consumer devices running Linux that will never benefit from a patch.

      I fear the effort involved in switching to Linux will not reward you in the way you think it will. Security is always a multi-faceted job and sometimes your efforts are better spent improving what you have than ripping and replacing.

      • All software has bugs and vulnerabilities. Yes, poorly maintained and out-of-date software is dangerous. In the Linux world, though, no one has an interest in downplaying or burying vulnerabilities… How many vulnerabilities in Windows are known to the NSA (and others) that *haven’t been fixed*? Linux and its open source ecosystem is structurally different. It’s more secure by default (e.g. unlike Windows, SMB/Samba isn’t turned on by default, for instance). Also, it’s not a uniform monoculture. Patches are not distributed based on MS’ priorities (often slipping in procedural and functionality changes along with security patches, for instance) but rather to solve each problem. Also, without proprietary domination, open standards pervade it, removing barriers to upgrading and increasing competition between functionally modular components. In the Windows world, everyone’s trying to create their own proprietary monopoly (like Microsoft has enjoyed for 15 years or more) by building monolithic tools that generally don’t work well with others and make upgrades and technology changes prohibitively expensive, risky, and disruptive. The problem isn’t just Windows, it’s the entire IT status quo.

        • “In the Linux world, though, no one has an interest in downplaying or burying vulnerabilities”.

          So we will all be one happy family contributing the open source “panacea” including the CIA, hackers and criminal cyber gangs?

          The benefits of switching to linux in this context are marginal and vastly outweighed by the cost of change. The fact that much of the NHS simply won’t function on linux and if we started today in 10 years we’ll still have Microsoft (probably XP too), will not resolve the issue.

          In fact now we’ve got an even bigger landscape to manage and secure.

          Given the basic failures that allowed this to happen I can’t see that being a pretty picture.

          This isn’t about Microsoft/Linux, it’s about effective security management. Your OS choice is a small part of this.

          As big as the WannaCry out break was there was still a significant majority unaffected by it and using Microsoft Windows.

          Everyone else is just looking for excuses / something to do.

          • Yes, it’s not specifically about Windows vs Linux. But, as I’ve explained elsewhere in these comments, the models employed by the Linux community and Microsoft couldn’t be more different, and that’s important. Yes, MS has substantially improved its security practices in the past decade. However, it was starting from an abysmally low bar. The open source world, with its signed package repositories (we had that 15 years ago) and the massive advantage of having the *whole* ecosystem managed on distribution servers was making MS look *very* bad, with its massive everything-and-the-kitchen sink monthly patches and its users’ habit of installing software from any old place, it’s had a LOT of catching up to do. Still, MS is motivated by profit. It introduces security patches along with “money-making” initiatives like ads on the desktop… It makes it hard for most people to differentiate between security and functionality patches. That makes it fundamentally different from Linux, which is 100% focused on solving problems to achieve technical correctness – there is *no* profit motive. I think that’s enough reason to actually prefer the Linux model over the Microsoft model.

  • This is interesting and something I’ll personally investigate, however I do not believe Linux is a magic bullet to improved security. In recent years many serious vulnerabilities have come out and I believe its inherent security is mainly through obscurity.

    Serious thought has to be given to cloud computing, especially apps which run as services without the need for an operating system. Microsoft and Amazon are better geared to ensuring security and resilience.

    Lack of licensing costs will be balanced with training and support. Let’s not forget, a large proportion of Microsoft licensing comes not from the desktop, but CALs for accessing Windows, SQL and so forth.

    • No one suggests that Linux will be a magic bullet for security. That said, Windows, as a monolithic monoculture (thanks to backward compatibility constraints) is inherently fragile, just like any monoculture. Linux inherently has more diversity. Lack of licensing constraints is a huge boon for Linux and its entire open source ecosystem (allowing people to test solutions – and deploy if suitable! – without bureaucratic interference). I think the whole “training” saw is well overdone. It assumes far more skill among the existing cohort of Windows users than I think is justified. Most of them barely know how to use the existing tools and are out to sea even with minor version upgrades that tweak user interfaces. Starting them on a totally different platform probably isn’t any more difficult than, say, going from a traditional MS Office interface to “The Ribbon”. I think, ultimately, that people are going to have to bite the bullet and start remediating the damage done by a generation of bad IT strategy and decision making: handing a single overseas corporate vendor the keys to your castle (MS currently has the ability to – quite literally – hold just about all the gov’ts, businesses, and institutions of the world to ransom if they don’t keep paying) – that’s just dumb. I think it’s time for a massive adjustment.

      • Windows 10 is more secure than ever before. The vulnerabilities that have been found in some of the core Linux components, such as glibc, show that a) it is not immune and b) despite its open source nature, the community failed to pick up on these issues for years.

        We’re in a catch-22 that the clinical marketplace won’t be mature enough in this area to supply solutions that work whilst Trusts won’t embrace it until there are sufficient solutions available.

        You don’t avoid licensing costs merely by switching to Linux. If you’re connecting to an infrastructure that uses Windows servers, or MS SQL servers or maybe RDP, then you’re going to need licenses. To be honest the cost of an OS license is the least of our worries!

        • This is a time when leadership is required. The status quo is broken. As a software support model, Windows is broken. Yes, Windows 10 is better than previous Windows, but that’s a desperately low bar. Windows (whatever version) is a monoculture. It is inherently fragile on a global scale. A single flaw can (and eventually will) allow a threat to wipe it out. Linux is not perfect, but it has a better model (not all controlled by a single profit-motivated entity), and is more inherently diverse.

          Yes, there’re existing systems for which there are licenses, and I’m not arguing about that cost. I’m arguing about the constant, repeated cost, iteration-after-iteration, year-on-year. With an open source ecosystem, the support costs are there, just like with proprietary, but the license costs are not. More importantly, the *freedom to fix things that don’t work for you* is there, too, and well led entities the size of the NHS have the ability to create solutions for their own requirements in certain pinch points and then deploy them (with minimal incremental cost) wherever they’re useful throughout the system.

          As for MS SQL and RDP – that’s the sound of someone who doesn’t realise there’s a whole rich world outside of Microsoft. My strong feeling is that RDP is used only in the context of a badly designed application or network. Or on one that’s license constrained – RDP is the answer to a question no one should be asking. The NHS community has to abandon its “learned helplessness” and start deciding its own fate. People like (I presume, so apologies if I’m incorrect) you probably know lots of things that could be improved if you had access to the right tools and processes. So describe them and get them built rather than just tolerating the one-size-fits-all software that proprietary vendors shovel (and yes, Sharepoint and AD are part of that).

  • @Jas

    1) We went for a Windows 10 theme for a familiar look and feel.
    2) There is a Microsoft-a-like theme for Libre Office too. Looks just as gaudy and confusing as the Real Thing (TM).
    3) Active Directory integration done and done. Interestingly the CCGs we’ve been speaking to are federating and consolidating AD with open source LDAP products.
    4) Linux has extremely comprehensive support for scanners and printers. And after much testing we can confirm that the coverage for the ubiquitous Dell desktops is solid. Well, Dell do ship PCs with Ubuntu pre-installed….

    Sorry, I’m not of the vintage that can recall Sun desktop trials.

  • First thing you need to do is skin the solution with a KDE Windows 7 theme or similar. You might then have a fighting chance with the users. Then you need to skin Evolution to look like Outlook, LibreOffice to look like MSOffice. Then provide AD integration and spend the next few years fighting for driver support from vendors. Anyone else remember when the Sun desktop was “trialled” as a replacement years ago for the NHS? No…….? Exactly….

  • So do we need to purge legacy software? Why do we let the software supplier dictate the terms? This is the government – they changed my pension terms without my permission, why can’t we force suppliers to modernise their solution?
    hitting the limits of my knowledge here – but moving most services to cloud based – browser services and away from desktop client installs and local servers might help?

    also how many rooms across the country are filled with “servers” running who knows what being maintained how often? Should we be getting rid of local servers and move to virtual servers in a truly five9s data centre? we recently had a couple of problems with our local servers – on one call – the support admitted the server was full of a load of junk and old files that they’d deleted and hopefully that would make it better. On another job some error log file had filled the hard disk and took the service down before anyone noted it. Our comms room here in the practice – has several pcs and laptops all connected by cable to the patch panel. GOK what some of them are for. I run 20 GP websites from a commercial host that has a virtual box that gives me as much bandwidth and space as I need/pay for.

    • > Should we be getting rid of local servers and moving to virtual servers?

      A lot of the problems you describe here are caused by what gets called “treating your servers as pets rather than cattle”.

      You lavish attention on your pets. They’re special.

      You get what you need out of cattle and then start again with a new one.

      One of the main attitudes that has developed around cloud computing is that because you CAN just summon forth a new server with the click of a button, is that you should make this as easy as possible. In the apps I’m handling, we don’t upgrade the servers, or even patch them. We build a new server image from scratch with the new OS patches and software, fire it up, redirect clients to the new server and then kill the old one and throw it away.

      You can do this kind of thing in your own rack, or in the big datacentre GOKWHERE, but people do procurement oddly because of historic practice – they request a server +for a purpose+ and get very territorial over their computing resources even though they may be tragically underused.

      What did I do when I realized our AWS app servers at t2.medium were 8x the size they needed to be? Built new ones based on the t2.nano (cheapest) server size and threw the old ones away. Which took 10 seconds typing and 5 minutes waiting. Not bad for cutting our server runtime costs by 75% at a stroke. And ne’er a procurement form in sight.

      Of course all this takes some learning, and some re-architecting of things. IMHO we need to move away from apps that need big, concurrently used, central data stores and go for a more peer oriented architecture. The Big Fat Database in the middle is the least easily scalable thing about most current EHR application architectures.

    • “Why do we let the software supplier dictate the terms?” – well the simple answer is because it is their product and if we want to use it then we are dependent on what they want to do. We can take our business elsewhere if we don’t like it – but what if there is nowhere else to go?

      Also I think suppliers often get a hard time – they aren’t charities, and they have to pay the bills and keep the staff together. It’s all very well to airily say “you have to get rid of all the legacy code in your application” but if that means that they go out of business or can’t do any other development for 6 months then we all suffer.

      I think that it is perfectly possible at present to run a solid infrastructure based on any platform you care to name so long as you do it properly. If you do it badly you will get poor results, but if you do it well you will get good results. Doesn’t matter what the platform is really. There is far too much fretting about which OS to use etc and not enough attention paid to good ‘husbandry’ of what you have.

      • “well the simple answer is because it is their product and if we want to use it then we are dependent on what they want to do.” Yes – it’s down to a little thing called “proprietary standards” and the fact that granting a contract to a proprietary software vendor is equivalent to handing them a monopoly over your future computing that they can (and inevitably will) use to exploit you. Moreover, the cost of switching to another solution is huge due to the locking effected by proprietary data/file formats. The solution: the NHS uses its *massive* buying power to demand that vendors supplying software adhere to open standards formats and show a strong preference for open source solutions. If the NHS does this, vendors will rapidly retool to support these solutions and suddenly (for the first time) there’ll be a competitive market place for software procurement by the health sector (and, by virtue of being open source, by everyone else as well). Win win win.

      • Is it about demanding that the data is separate and accessible? Ok looking at this from a GP POV – for years I had EMIS using a MUMPS database that was locked down despite being on a server I’d paid for in my surgery. If we wanted access to it – we had to pay through the nose. Yet I’d typed all the data in. I came across a Geek who’d hacked it for his PCT and was running all sorts of amazing reports on it but no one was to know.. Now it’s on a remote server in the sky and guess what – every time I want any access to the data – I pay through the nose. the built in reporting system while good just isn’t good enough. Why can’t I just dump it all in a massive SQL database and query it to my heart’s content? Moving systems is a nightmare. If data was kept separate – and accessible – perhaps a copy? wouldn’t it make competition and switching easier? Come to think of that – I need a hacker – can I have a key logger that keeps a copy of the data I’m entering for me?

        • I suspect what the IT suppliers are really trying to protect is not the data but the data model, that is their IP and they are entitled to protect it. If you were to dump the data straight into a SQL data warehouse a data modeler, given time, would probably be able to work out the model.

          • meant to add … @ all the NHS orgs that I have worked, the leaders, who, unfortunately do not tend to understand data modelling, generally request data from multiple systems (sometimes in double figures) to be “dumped” straight into a DW as quickly as possible, they then expect the IM&T teams to perform miracles using data straight from the dump. That’s not good, the data should be extracted and moved along a pipeline that sorts/tidies it, ending up in a structured local performance data mart, which has been designed not just for performance but with a view to the future.

    • Exactly, that would remove the fear of introducing instability when moving to newer versions or applying a patch.
      Also the following reason for not moving forward would disappear, “we have 5,000 boxes that need to be updated”, and those old boxes would still have a function. Some trusts really are doing an amazing job but not all, in fact I suspect they are in the minority.

  • I say with a heavy heart but this does rather remind me of the whole “1996/7/8/9 is the year of Linux on the desktop” stuff that we used to hear. All these arguments were made about why we should all ditch Microsoft and use Linux instead but for lots of reasons it never happened.

    As others have said it is the maintenance and management of whatever system you have that determines how well it works and how secure it is. Just because you change the OS doesn’t mean that suddenly you won’t have any problems – you’ll just have a different set of challenges.

    In our organisation even a small change in setup or configuration takes a lot of effort and careful planning, and whilst in theory I am sure we could deploy a system like this I would have a very hard time justifying the ROI and why the implementation costs were justified. Sure license costs are an issue, but they aren’t the whole story. If I was going to pick a place to start it would probably be MS Office as most staff don’t use most of it and it is quite expensive. If we had a good enough replacement then that would be interesting – but I have been constantly disappointed over the years by ‘OpenOffice’ and it still isn’t good enough and probably never will be. Google apps are more promising although they aren’t there yet either.

    As with the rest of the world I think the best place for Linux is server side and desktop use is always going to remain a minority use.

    • Moving to an open source environment would be the best possible thing for the NHS in my opinion. James, you should consider LibreOffice.org. OpenOffice has been largely supplanted by it in the open source world, due to a stronger, more active community – thankfully, it shouldn’t matter to any organisations wanting to make the switch – they both share the same native formats (which happen to be the open standard ODF formats that the UK government has mandated for document, spreadsheet, etc. use). I think you’ll find LibreOffice, though demonstrably not MS Office (I consider that to be a very good thing), is no slouch: http://www.techradar.com/reviews/libreoffice

      • Dave, we use a mixed economy of MS Office and LibraOffice to reduce MS licensing costs. In discussion with users of LibraOffice (circa 1000 deployments) they find the UI old fashioned, it crashes fairly frequently (mainly when opening Word docs), and they much prefer MS Office – but put up with it as OK given the use case for where it has been deployed. Based on this experience I would not be prepared to extend further on the current version but am open minded going forward.

        • It’s Libr_e_Office, Simon. Not sure if you realise the reason why the UK gov’t has mandated the use of Open Document Formats rather than MS’ native document formats (see http://www.computerworlduk.com/it-management/uk-government-adopts-odf-as-standard-document-format-3532219/) which are effectively proprietary (because MS can alter the formats at their whim). LibreOffice is as good as MS office for the purposes of 99% of users. Format incompatibility is MS’ fault, not LibreOffice’s. In my experience (supporting businesses using LibreOffice and MS Office) LibreOffice is much more robust than MS Office in opening complex files *created by MS Office*. In fact, in many cases, files that MSO wouldn’t open (calling them “corrupt”) could be “rescued” by LO due to its more robust file interpreting capabilities. Did you know that LO developers have had to reverse engineer MSO file opening because of MS’ policy of hostility towards any would-be competing product? See https://openstandards.nz for some useful info on MS and their lock-in practices.

  • Rather than jumping ship from one supplier to another, the NHS needs to do a full review of where its security is right now, what the holes are, and deliver a multi-pronged response; covering human behaviours, IT management, and improving the resilience of systems.

    If you can’t stop GPs from leaving their smart-cards in (experience just two weeks, not for the first time), then the best SSO, or most patched system, or most open-source OS, won’t stop someone sitting down and doing something untoward on a machine.

    There is no single solution to any of the NHS problems.

    • Well said.

    • The products you name are simple SSO products, I can’t see how they would handle secure witnessing of drug prescribing, managing password resets within applications and fast user switching.

    • Seems to me, Insider, that those systems are highly sensitive and are too important for the NHS to completely outsource them. An organisation the size and complexity of the NHS, in the context of the UK legal framework, probably has sufficiently sophisticated requirements that a customised solution (owned by the NHS, not a vendor) is the right thing. I’d recommend that the NHS work with an open source vendor to develop a comprehensive set of use cases, work out the risks, functional requirements, and expectations, and then – building on one of the industrial strength open source SSO platforms available – create a solution that meets those requirements. The NHS can then own that solution and make it available across the organisation as required (at a similar or lower cost, I’d wager, to buying a proprietary off-the-shelf product that’s probably not really well suited to the task(s)).

    • I’m inferring that what Grant is describing is a password manager with triggered auto-type: an app that knows all your passwords for the old, unintegrated systems you have to log into, watches your windows, and knows what to type when the login box shows up.

      There are definitely password managers for Linux; not sure if any of them trigger automatically when particular windows show up. I know that it should be possible to develop those features though.

  • Are there any single sign-on solutions that work with Linux? We would have a riot on our hands if we took that away.

    • Yes, there are plenty of SSO solutions for Linux. Keep in mind that the majority of backend infrastructures are based on Linux and that SSO is widely used to manage access to those servers.
      If your supplier says that they don’t support SSO on Linux clients then start worrying about the quality of their offering.

    • A quick Google tells me that Imprivata runs on a Linux based thin client. This case study is a summary of a deployment at St George’s, South London. https://www.imprivata.co.uk/uk/company/press/praim-thin-client-and-imprivata-onesign-selected-improve-productivity-reduce-costs-and

      • By Single Sign On I meant a solution that works across all software not just AD authentication. Most of our software doesn’t use AD pass through and so we use a well known SSO product to manage passwords across all our major software. Despite looking I couldn’t find an SSO product for Linux? Anyone care to name one?

        • Grant,

          The first one that springs to mind is Midpoint by Evolveum: https://wiki.evolveum.com/display/midPoint/Single+Sign-On+First. We have just implemented Midpoint, but without SSO, for our first GP practice on a single domain for all of our GP partners in our CCG.

          It is certainly something we will be looking to expand upon as we move each of our practices onto this solution, which we are initially using for identity management.

          Kenny

          IT Operations Manager NHS South Devon & Torbay CCG Pomona House Oak View Close Torquay. TQ2 7FF Tel: 01803 652583 Mob: 07500127083

        • Many SSO solutions both run on and for Linux. Widely used ones include FreeIPA (supported by RedHat among others), SimpleSAMLphp which is very widely used in the Cloud, and a plethora of OAuth and OAuth2 implementations.

        • Help us to help you and others?
          What is the name of the software you use?

  • Let’s be clear, this attack didn’t just hit Windows XP, it also hit most other versions, and if you weren’t applying patches then in my view you were negligent, and plenty of Trusts were not regularly patching.
    Good luck with getting any Pathology system provider to allow you to run their application in Wine.
    What we should all be worried about are suppliers of medical devices that won’t let you apply patches; this is a huge risk.
    Also let’s not forget that Server 2008 R2, SQL 2008 R2 and Windows 7 go end of support in 2020; we need to start looking at that now, not in 2020.

    • The fact more places were not affected than not affected means this is a local issue and there should be serious questions about why and accountability.

    • I’ve just been skim reading https://technet.microsoft.com/en-us/library/cc700845.aspx – there appears to be a very thought out and tested way of installing patches to enterprise level computers. I wonder how often the image my computer is built on – given the 45 important updates mentioned above – has been updated? My roaming profile goes wrong most weeks and no one bothers. Should we be assessing the basic competency of our support services? I’ve just been inspected by the CQC – who inspected the CSU who support my desktop? Do I have any choice?

      • You hit the nail on the head. Despite being a “National” Health Service there is very little national about it.

        The security landscape is enormous, gone are the days you can have an IT manager with a spanner and a box of wires do everything.

        We have 100s of organisations trying to do this with little central direction or control. On top of this you have the issue of the “empire builders”, “not invented here syndrome” and “we’re different”.

        Services such as email need to be national and used by all. You have one resilient and secure system with a proper team / infrastructure behind it which enforces policies locally.

        This has to be the way forward for key infrastructure and services and the more we can do in the cloud the better.

        • I think Dan is right more stuff should be being done nationally, NHS IT Services should be a leveler.
          The technology is so powerful now that volumes should not be an issue and a national approach to some things would lead to significant gains in efficiency. Don’t get me wrong a local approach to some things e.g. which products to use to capture data, the design and population of a local data warehouse etc. is essential but with regard to the processing of performance data and citizens access to their health data a national approach should be considered.

    • NHSbuntu uses virtualisation to seamlessly provide clinical applications that have a Windows dependency. Emulation – using WINE or Mono – is not an option we’ve entertained.

      Our approach is close to what Davey Winder recommended only a few days before the malware hit. He advocated a technique he called “…’virtual patching’ to provide intrusion detection and prevention, for example, or running the application itself as a virtual machine within a more secure operating system…”

      • One of the main issues with institutional patching (including the NHS) I’ve seen is risk-aversion: the fear that any given OS patch will break some critical application is strong, but usually unfounded. Microsoft work inordinately hard to preserve backward compatibility for applications (arguably they compromise too much on this point).

        At home we don’t usually exercise any such control over patches – we just let the OS apply them and generally don’t notice anything but the reboots.

        In the enterprise, policy first shifts to testing the outcome of each patch to see whether it has a negative impact, and when this proves impractical, to only applying “critical” patches and deferring the rest. This inevitably leads to greater costs assessing the impact of each patch carefully.

        This isn’t helped by the boutique nature of healthcare app development either. Things that would not be tolerated in the wider commercial sphere are tolerated because the audience is relatively small. Not adhering to Microsoft app development guidelines causes its own suite of issues.

        I’m not saying these issues don’t occur in open-source software either. But anyone can commission a fix for them, rather than waiting on the largesse of the vendor, who may not care about your issues (even with a 9 figure contract, the NHS was only a small part of Microsoft’s global customer base).

        Ultimately software should be covered by automated test suites and thus your vendor should be able to advise you whether a particular patch will cause issues very soon after it’s issued. But it’s my experience that this is rarely the case in the healthcare market to date, that’s not an OS issue, that’s more an issue of quality assurance and a need to demand certain standards (like demonstrating good automated test coverage) in contracts.

  • The Wannacry enterprise attack has shown NHS’ OS level Infrastructure to be dangerously patchy even when nearly completely designed – if not fully deployed – by Microsoft.
    To complicate and confuse the attack surface, we should require a controlled mix of OS, and surely NHSBuntu should be a promoted component of it, especially for high-risk services such as NHSmail, as above. That needs a high-level NHS policy to promote it. Deployment issues such as training and support needs would not be starting from scratch and can be adapted for each organisation.

    • A USB drive installed with NHSbuntu, preconfigured with N3 vpn, makes a really good home/mobile working environment. With this approach, NHS Digital could be confident that access to NHSmail and other national services was secure on the user’s desktop PC.

  • There is every reason for NHS Digital to invest in NHSbuntu. People can learn to use Ubuntu in the way they have learnt to use iPads or smartphones. Legacy applications that only work on specific versions of Windows can be run in virtual machines or using a Windows compatibility layer such as Wine.

  • I agree with Rob, and whilst Neil has a point, the reason we are using an Open Source OS is licensing, licensing, licensing. The VDI (Virtual Desktop Infrastructure) you propose is VERY expensive from a licensing standpoint. However, there are many ways to skin a cat, as they say, and VDI is only one way. Virtualisation in our instance is repeatable, for every packaged instance of whatever you want to deploy. If I have learnt one thing whilst working with the NHSBuntu team, it is that it is time for NHS IT to step up to the DEVOPS plate, and get stuck in. As Rob has said previously, IT is just IT. We all have to learn how to script, whether it is PowerShell, VBScript, whatever; it is not anything different to how we had to do this pre Windows XP. The tools to do this are out there and all Open Source, so let’s use them.

    • Noted Clive – but local IT teams have enough to focus on in terms of clinical apps/change management/integration/demand for always on etc etc. We are not developers or investors, we depend on suppliers and a market that I hope over time will provide us with more robust operating systems. At the end of the day we should not have to put up with software from Microsoft that is vulnerable and constantly needing patching. Personally I think we should let investors invest in new software products either OS or Apps rather than the NHS but recognise this is a personal view.

      • Fascinating, I develop software, the NHS is advertising for developers right now on NHS jobs.
        I was recruited as a developer @ WLMHT to be told by the most senior person working within IM&T the same as what you are saying, so I asked “why did you take me on then”, there was no answer.
        I agree that investment is the key, but I think the NHS needs to invest in its developers (technicians), even if it’s only a tiny tiny fraction of what it invests in its clinicians. The NHS does need to be developing its own software, maybe not data capture, but other stuff.
        When the NHS was launched technology and data wasn’t around much so the workforce was mainly made up of clinicians, managers and admin. staff.
        Things are different now and the culture needs to change.
        I trust the doctors but I sympathize with the teams working within IM&T.

      • The NHS should allow businesses to build products and services and contracts should include a growth share. We should certainly push to an open landscape but not always require it.

        The second the NHS “owns” anything it becomes niche and next to impossible to commercially exploit or scale globally, open source or not.

        Unless you have scale, re-investment whether through open source contribution or more traditional commercial models are worthless.

  • Isn’t our business healthcare?

    • Looks good, though you are going to have to hide all the Matrix-like code from casual users. I just worry about the level of expertise in healthcare IT. I’ve just run a Windows update on my computer – the IT people were here this a.m. We were hit bad. It says I have 45 important updates left to install. This is despite me being on a standard build and the IT having just upgraded me. I presume they have patched the ransomware hole – what about the 45 that remain to be fixed?? I get virtual is expensive – but sending round people is – I’ve been without a fully working system now for 4 days. I’m not convinced it will be fixed by tomorrow.

      • Thanks Neil.
        I initially hid the TPP start up screen… Then reinstated it in response to user feedback.

        The Windows machines used for clinical apps are all built using Microsoft standard tools (Autounattend.xml and powershell) and are distributed as an image. Update ONE image, distribute to ALL workstations. Automagically.

    • Don’t you know the IT department runs the hospital? If they can’t justify themselves no one can.

    • That was the case when SS NHS was launched; the world has changed NOW and you can’t provide efficient national health services without providing national health IT services.

    • note to digital health: there may be a software bug in how your “reply” button is functioning, my previous reply was meant for Simon !

  • Given the prevalence of Windows – and IMHO the lack of rigorous adherence to proper network setup and updating and sheer lack of knowledge in depth – I really worry that you put a non standard OS in and suddenly every IT support tech in the country needs to take a month off to learn how to deal with the tech. When iPads came out – the response was ARGH!! Don’t know anything about them – they aren’t for enterprise (despite the US military using them across their service). When half the local clinicians moved to the Mac – ARGH!! Don’t know how to support that… What has been the answer – Virtualisation. I can access a desktop on a PC, an iPad, an Android, a Mac. It’s the same – it’s built from scratch each time – to a common build – it’s in a protected bubble. What we need is dumb terminals, probably some RISC based machines with no local disks, just a bit of solid state memory, a printer port and a USB port. Turn ’em on – boot to the virtual desktop – take it with you – roaming wherever you go – home – office etc.

    • We love virtualisation. We are using virtualisation to provide Windows based clinical apps. See this example of TPP starting up seamlessly in NHSbuntu.

      https://youtu.be/ALD9e_VzL94

      NHSbuntu provides a strong security fence around Windows based clinical apps.

      And that’s virtualisation without any Windows terminal servers or thin clients. The NHS has Windows 7 licenses, let’s use them!

    • Well said.

      What we saw here was a failing in security on so many levels that it doesn’t matter if you use Apple or Microsoft, open or closed source ultimately the NHS is a sieve.

      The idea that we can somehow switch to something else and be secure is like saying it’s okay, we’re on N3 or we’ve got a firewall and therefore we are secure. It is a very outdated (and was never an acceptable) view of security and it’s exactly what got us into this mess in the first place.

      Even where hospitals were using more up to date systems they had simply failed to patch them, disable protocols they were not using, segment their networks, etc. Then there is the question of how it got in seemingly via locally configured email systems.

      Using Linux isn’t going to save us from this. Hackers will go where the gold is and the NHS is an enormous honey pot with many entry points. And if you think that overnight all those XP dependent legacy systems will suddenly work on Linux you are having a laugh. This is a problem that will be around for longer than the people talking about it.

      Before we throw the bathwater out with the baby, how about some lessons learnt, in particular looking at the organisations and hospitals that were not affected and seeing what they were doing that prevented this? After all there were many more of those and I guarantee you they were all running Windows including XP.

      It’s not a question of Microsoft or not, there is no silver bullet, it’s about learning the lessons and applying them at all levels.

    • Just keep in mind that the only “non-standard” OS in this discussion is MS Windows… it adheres to few open standards… Linux (and other open source software) has no commercial incentive *not* to adhere to open standards, and it is therefore far more standard than Windows. Remember that Linux-based computing systems vastly outnumber Windows in the world today, so perhaps it’s time to look a bit farther afield as to what’s “standard”.

      Also, be very conscious of the degree to which you let your familiarity with Windows colour your impression of the status quo. For example, many huge IT installations happily forgo the use of MS Active Directory because that’s a tool for managing *Windows computers*, not computers in general. A more generic tool, like OpenLDAP or even FreeIPA, might well be a better, more manageable solution, but it would probably require that IT people either change their mindsets (that the Windows status quo is either “best of breed” or even desirable) or their roles :).

  • Not sure how this will work in practice though? I mean we have enough problems with systems only being compatible with specific browser versions, like IE – how would this work?
    And software would have to be re-written to be compatible….
    And can you manage Ubuntu in an enterprise manner – i.e. control software installs etc. remotely?
    And then of course all of the support and engineering staff would need to be re-trained…

    So struggling to see if this is *actually* a practical solution for anything??

    • There are ‘enterprise’ management tools for open source operating systems.
      Canonical have a product called Landscape for Ubuntu management. We’ve also proven that tools widely used in NHSland work with NHSbuntu. Many of the big management suites have Linux management agents, and NHS organisations already have licenses for them. And if the tooling is the same, then IT teams will be happy. The substantial investments in Active Directory would ‘just work’, retaining AAA rules.

      It is just IT. No need to throw the baby out with the bathwater. If you’re doing IT, you can do IT with NHSbuntu.

  • @john p: Windows is renowned as being an insecure OS compared to Ubuntu. Furthermore, using out of date versions of Windows (eg XP) is very high risk. You’re right that eventually any OS will become a target, but that’s not a reason not to attempt any security at all.

    NHSbuntu isn’t aimed purely at solving issues of security though; there are many reasons, including legacy software, Information Governance and hardware, that prevent trusts upgrading to Win10.

  • Any OS will become a target for the bad guys if they think they will get a return on it.

    • Yes, we completely agree. Yet the ability to see and change code is a good thing. Inspecting the code found the Wannacry kill switch!

    • This stuff is complete pie in the sky nonsense. You will not get many apps at all to run natively in Ubuntu. The result is you end up running it virtually. That just means you are running your windows somewhere else and therefore need ALL of the licences. I’d love it if this worked but it doesn’t at the moment. You might, hopefully, in a few years, have all NHS EPR apps running totally in a HTML5 browser. Most are absolutely nowhere near that. The active directory is endemic and hard wired in. I’ve looked at the open source office apps and they are frankly rubbish. It’s a great idea to be looking at this stuff as a research project, and I hope it gets somewhere. However, please don’t promise the earth and please also don’t get carried away with massive licence savings that simply are not there.

      • Part of the problem, as I understand it, is lack of funding to keep the basic infrastructure up-to-date. The other part of the problem that no one’s mentioned yet is that NHS is part of a gigantic global monoculture: Windows. (Apple’s another, much smaller version). Linux, on the other hand is not. Aside from being much lower cost, it is also not managed “top down” like Windows and MacOS. Also unlike those two, it does not have an affinity for proprietary non-standards like Windows and its proprietary app culture. Most of the cost of upgrading NHS system is caused by the huge inertia of Windows-only apps which the NHS bought, and committed itself, its staff, and its patients to. That was unfortunate (some of us would say foolish) but typical of the world, so most decision makers wouldn’t think twice about “buying Microsoft”. But an organisation like NHS has the market clout to tell vendors what they’ll provide, not simply to take what vendors give them. NHS needs to take the bull by the horns and say: we’re an open standards shop. We’ve got to get out of the technological cul-de-sac we’ve created, and the only way we won’t repeat the strategic blunders of the past is to ensure that all of our software solutions conform to open standards so that, going forward, we have a choice of what computing platforms and OSs we procure. We will also insist that all of our tools (to the extent possible) are cross-platform (not locking us into a single proprietary platform that mingles security and “feature” upgrades indiscriminately to suit its own vendor strategy at our expense). Anyway, I think there’ll be a huge cost to get out of the deep hole the NHS (and most other gov’t agencies in the world) have landed in due to poor planning. But the only way to get out is to stop thinking that by repeating the mistakes of the past, you’ll somehow avoid the unthinkable disaster of the future.

  • We have already demonstrated that we can run the existing NHS Digital Identity agent, in a virtual session, on NHSBuntu. Whilst not a native Linux Identity agent, it does work.

  • If we could get an Ubuntu identity agent then this would be a good thing. Until then we’re tied to Microsoft I’m afraid.
