Hacker News new | comments | show | ask | jobs | submit login

XP and 2003 have been end-of-life for years. They both were released 14+ years ago. So you can just change what I said to:

"because a lot of them have ineffective IT departments/mangement and never applied the MS17-010 patch or are running ancient operating systems."

edit: And in fact, Microsoft did release a special XP hotfix for this vulnerability yesterday: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer...




> because a lot of them are running ancient operating systems that are the only ones that can interoperate with legacy hardware

FTFY


What news reports said anything about legacy hardware? The BBC and Reuters articles claimed the NHS suffered infection of their patient records servers and their reception computers.


Apparently the impacted XP and 2003 machines were accessing the same disk servers as the patient record systems. Thus an infected CAT scanner controller (or whatever) was able to destroy the patient records.

That doesn't tell a story of missing money or maintenance contracts. It tells of poor or even irresponsible and incompetent deployment procedures.

You shouldn't allow your CAT scanner to write over your patient records at a server. You shouldn't even have them in the same network segment.


And on legacy software. My NHS Trust seems to have escaped unscathed, but it has software that won't run on modern systems which is why XP is still seen in most departments.


What software is that? There is a 32-bit version of Windows 10, which can still run 16-bit Windows/DOS programs, and IE11 still supports ActiveX, Silverlight, Java applets and even (in IE10 compatibility mode) VBScript.

So AFAICT 32-bit W10 can run most anything 32-bit XP can (likewise the 64-bit versions, though neither can run 16-bit programs), and IE11 can run most anything IE8 can (with minor configuration).

Is it software that relies on undocumented APIs? (I can't imagine why hospital software would require exotic methods of poking at the kernel or hardware).


A lot of times it's the hardware interface that's the issue. Old stuff uses serial and parallel ports, motherboard slots,or even abuses PS2 for other purposes.

Good luck finding a windows 10 compatible PC that has ISA slots for example. A lot of old custom hardware hooked right into the ISA bus


There is definitely software made for one version of Windows that won't run on another, regardless of bit count. Not a lot of it, but it's there.

In my experience, industrial software is often pretty poorly designed, so it wouldn't surprise me if it's more common in a hospital environment.


because .. drivers?


For what? Surely buying new printers is less expensive in the long or even short run than continuing to use an EOL-ed operating system.


We're not talking about printers.

We're talking about medical equipment, such as CAT scanners, dialysis machines, radiation therapy devices, chemical analysators and the like. Stuff where the computer interface could be an afterthought, added to a machine that was designed years ago with a physical knobs-and-dials type of user interface, and implemented and certified for a particular PC hardware generation. Then this interface PC becomes obsolete in 15 years even if the equipment itself would work for a hundred.


Is there any reason why medical equipment couldn't at least be airgapped or on a network without an outside connection at least? Still seems irresponsible.


Imaging tech here. Remote logins from vendor service staff are very helpful when stuff breaks as they can order parts or suggest fixes without coming in. They also track things like helium levels and water temperatures. Problems in these areas can be very very expensive. Losing a hour can be a loss in thousands in revenue very easily, let alone a few weeks of scanner time and tens (or maybe even low hundreds) of thousands in helium and parts.

Other reasons for network connectivity include retrieving and sending image sequences and data files (basically the actual scans) which is done all day everyday.

The more alarming part is the retrieving of raw data which is the unreconstructed scan. This involves attaching a memory stick that is supposedly clean and uploading to that. Generally this stick is stuck into any old researcher PC and files are off loaded. Vendors don't particularly like this but getting 10-20 gig files off the scanner via command line is pretty clunky at the best of times.


Such devices absolutely should be isolated in separate networks (DMZs), and connections to outside world should be removed except for the bare minimum.

That the NHS has not done this is their actual failing and negligence. It doesn't take that much money to move such devices to a quarantined network.


I mean, they are being systematically under-funded by one of the UK parties such that it will fail, so they can then point at it saying "I told you so", and so then get to adopt a US-like system, so they too can get in on that sweet, sweet cashflow :/


I assume drivers for scanners... but yes, if you underfund a healthcare system (remember half the cost of the US system for better outcomes) and constantly demand "efficiency savings" (and cancel long term Microsoft support contract) managers will cut IT before frontline services.


Places that cut the IT budget first are also places that raise the IT budget last.




Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: