Scottish Health Board meltdown highlights headaches for IT managers

Report into incident clears IT team of any blame

An official report into the recent IT meltdown at Scotland's largest health board has proven to IT managers there are disasters that no one can prepare for.

Last month, we reported how more than 700 patients in Glasgow had their appointments cancelled due to a major IT failure that left NHS staff unable to access their records.

NHS Greater Glasgow and Clyde and the Scottish Government conducted an independent review of the problem, which was linked to a rare corruption in the board network's Active Directory system.

The review team, led by Scottish Government chief technology officer Andy McClintock, found that the health board had implemented and managed the Active Directory system well and in line with good practice for the industry.

In fact, he praised the board's IT team and their software suppliers for their professional handling of the incident.

All the best practice procedures had meant that no data had been lost and all appropriate action was taken to try to resolve the issues. It was the sort of nightmare that no one, including the supplier Microsoft, had ever seen before.

The report made eight recommendations to further strengthen the IT system but these were minor and most of them had already been implemented immediately after the incident.

Security expert Graham Cluley said that the report confirmed that there was nothing that could have been done to prevent the problem.

He added that mysteries like this were hugely frustrating for technical people who believe there should be an explanation for everything. However, this particular episode proved that sometimes it was just a case of "sh*t happens".

Clearly, whatever did go wrong has been impossible to determine with the data available, Cluley said. What the case did prove is that when rare events like this happen, all an organisation can do is fall back on effective recovery plans.

"What's important is to have contingency and disaster plans in place so if your systems do go up the swanny you are able to recover with the minimum of disruption," Cluley said.