N Engl J Med 2017; 377:409-411 August 3, 2017 DOI: 10.1056/NEJMp1706754
http://www.nejm.org/doi/full/10.1056/NEJMp1706754

The lesson of this article is how behind-hand the medical community is
to digital security. I don't pick on the British: American hospitals
have been successfully attacked too. I attribute it partly to
providing care crowding out everything else that can be put off and
partly to the conceit of the medical community about their superiority
to 'lesser' concerns, as seen in the treatment of Semmelweis.

This article is available to subscribers.

It usually takes an attack to motivate anyone to action. If you can't see it, and it doesn't affect you, you're not going to care. Ideally we learn from the mistakes of others. But there is a tendency toward the belief that it won't happen to "me".

That's some of it. There is also a large component of ideology and willful blindness to facts, even if it means taking a loss. People have known for 20+ years that M$ products are not fit for purpose, and especially unsuited to networked enviroments. These latest events only rub their noses in it one more time again:

http://www.networkworld.com/article/...you-fired.html

Yet they've persisted and over time have replaced their IT staff with M$ resellers. It's causing them to not just lose money but to also lose patients.
Given the seriousness of the situation those that ordered the rollout of M$ inside the hospitals need to be facing manslaughter charges.

Sorry! I connect at the university, whose users inherit its subscriptions. I quoted choice parts that give the important points I wanted to pass along; anyone can read the abstract. The details aren't that important: the important message is that the UK's NHS can be so careless.

It's not only the NHS! Do you remember the TalkTalk scandal? Someone cracked their customer database and made off with all kinds of personal info, and the company spokesperson couldn't even say whether the data had been encrypted or not. And that's supposed to be a tech firm! If they don't know zilch about the tech they're using, what do you expect of medical staff?

Being "behind hand" is not the problem.
The situation is more complicated and depressing but pkease don't believe the media about either the impact or the number of XP machines.

I expect the NHS to hire competent professionals. They hire professional accountants, architects, engineers, scientists... They're not 'TalkTalk'.

I only know what I read in the medical journals (which includes 'The Lancet'). If you know more I'd be glad to read about it.

All I know is that government IT systems do include a a good many XP clients for what appears to be no reason other than nobody will pay to have the kit upgraded. What I am told about the NHS is that that is the case there too -- with XP machines still being handed out as current kit but I have to admit that most of this is third hand from friends of those who work for the NHS and from conversations with those who work in its peripheries. In other words, Civil Service IT grapevine but I trust it more than the sudden change from "lots of XP machines affected" to "a small percentage, running XP".