UK Hospitals Can Now Store Confidential Patient Records In the Public Cloud

The National Health Service (NHS) has given hospitals the go-ahead to store sensitive patient records in the cloud. "NHS Digital said the advantages of using cloud services include cost savings associated with not having to buy and maintain hardware and software, and availability of backup and fast system recovery," reports ZDNet. "'Together these features cut the risk of health information not being available due to local hardware failure,' said the report." From ZDNet: Rob Shaw, deputy chief executive at NHS Digital, said: "It is for individual organizations to decide if they wish to use cloud and data offshoring but there are a huge range of benefits in doing so, such as greater data security protection and reduced running costs when implemented effectively." The UK government introduced a 'cloud first' policy for public sector IT in 2013, and NHS Choices and NHS England's Code4Health initiative are already successfully using the cloud. NHS Digital's guidance said that the NHS and social care providers may use cloud computing services for NHS data, although data must only be hosted within the European Economic Area, a country deemed adequate by the European Commission, or in the U.S. where covered by Privacy Shield.

PR disaster in the making

[Tablizer]

"The cloud" is setting itself up for a really huge public failure because a breach in one portion can more easily be re-used in all portions. If the back ends are consistent enough to get the economy-of-scale cloud promises, that consistency also means hackers can leverage their knowledge to get access to a larger group of systems.

This is NOT saying that on average clouds are riskier, it only means that breaches will be quite public because it will affect more organizations.

It's sort of comparable to travelling by car versus plane. Cars are overall more risky per mile, but you don't see car crashes in the news very often, at least not in proportion to those killed. But plane crashes are usually headlines. The cloud is a plane.

Probably better than a bunch of WinXP Machines

[phorm]

They "dispute" the figure of course.

Around the time of WannaCry

"A reported 90 percent of NHS trusts run at least one Windows XP device, an operating system Microsoft first introduced in 2001 and hasn't supported since 2014."

https://www.wired.com/2017/05/...

Re:Probably better than a bunch of WinXP Machines

[tepples]

"At least one" could refer to one air-gapped PC in the whole department that runs a particular application or device driver whose publisher refuses to make available a version compatible with a more recent version of Windows or a competing operating system at a reasonable or any price.

Re:No issues

[Rick+Schumann]

You can encrypt it to the Nth degree and it means nothing if some ransomware re-encypts it, or other malware destroys it. And the backups.

Re:What can possibly go wrong...

Doctors probably think so-called "IT" people are stupid when they come in with high blood pressure from all the Cheetos and pizza.

Are we done now, or shall we go on with unflattering generalizations?

Hint: The "stupid" users you hate so much make for a lot of support jobs.

Re:What can possibly go wrong...

[thegarbz]

And some people wonder why I don't take everything doctors tell me as 'word of God'

And we'll continue to do so. You're comparing someone's knowledge of some completely unrelated skill to something they spent years honing at medical school. I'm a safety systems engineer. The fact I haven't a clue how to knit a sweater and have no intention of ever putting any effort into learning how to knit a sweater doesn't make me a worse engineer as a result.