A healthcare worker, recently returned from Sierra Leone to Glasgow, is loaded onto a plane for London for treatment for the UK's first case of Ebola. These resources are not available in the developing world. Photo: Getty Images
Show Hide image

Does Western medical research still have #firstworldproblems?

When more money in Britain is spent on researching cures for baldness than for malaria, then there's a problem.

In a society obsessed with appearance, a healthy head of hair is to die for. We spend more money worldwide on curing baldness than malaria, which killed half a million people in 2013 (that’s roughly the population of Edinburgh).

It feels like every year we’re edging closer and closer to winning the battle against baldness. Just last week it was announced that scientists may have found a cure for male pattern baldness using stem cells. That’s great news for old balding men, though not so great for the 1.4 billion people suffering from fatal diseases ignored by the Western world.

When it comes to medical research and funding, some diseases are favoured more than others. David Cameron named dementia as “one of the greatest enemies of humanity”. He said this last year during the launch of a government-funded research campaign, which put forward £100 million to help find a cure for dementia by 2025.

Forty million people suffer with dementia worldwide. Yet there are other equally devastating diseases that fail to attract the same sense of urgency, attention, and money. For example, elephantiasis, which globally afflict 120 million people, and soil-transmitted helminthiasis, which afflicts over 1 billion people. These are just a few of the "neglected tropical diseases" — a term describing a group of infectious illnesses that cause suffering to people in the poorest countries due to lack of basic health care services. They are known for affecting the economically and politically marginalised, and pose little threat to high-income countries.

Over the past ten years the West has become somewhat more concerned with neglected tropical diseases, and has taken steps to address the problem. Last month, a new initiative was launched in Parliament called the University Global Health Research League Table (GHRLT), which aims to create awareness of how university research policies can positively impact the health needs of developing countries. This is the first of its kind in the UK - a disappointing fact when you consider how influential they are, with more than 30 per cent of new drugs developed at universities. However, research and medicine is difficult to access and often unaffordable for those in developing countries. Perhaps the increased attention to neglected tropical diseases is owed to the realisation that one day they might become not-so-tropical - and hair loss may not be as much of a priority as diseases that cause death.

Ebola, for example, also a neglected tropical disease, very recently saw the largest, deadliest, and most complex outbreak since its discovery in humans almost 40 years ago. Prior to this epidemic, the World Health Organisation (WHO) has records of 26 outbreaks, and nearly 2000 cases of the virus between 1976 and 2013, most of which were in sub-Saharan Africa. But when the WHO declared Ebola as an international health emergency in August of last year, it highlighted the fact that there were no proven cures, treatments, or vaccines to prevent infection. It caused a global panic, which even lead CNN to ask whether Ebola was the "Isis of biological agents".

Diseases shouldn’t become a concern only when it threatens the adults, children, family and friends of the wealthy western populations. Even though Ebola was unlikely to cause a major outbreak in the UK, the symptoms - bleeding from the eyes, ears, anus and other orifices, before finally dying - were difficult to ignore. It forced many to look at global health issues from a different perspective.

However, sudden surges of western interest in tropical diseases are not new. They've historically been linked with politics, war and colonialism - for example, research into tropical diseases, such as Yellow Fever, only became an area of concern when it caused settlers and soldiers to become ill, therefore interfering with Europeans attempt to control Africa. People in developing countries make up 80 per cent of the global population, yet only account for approximately 20 per cent of global medicine sales. Without economic incentives it's unlikely that drug manufacturers would dedicate money, time and research into creating new drugs for populations unable to afford them.

The GHRLT showed that, of the 25 top-funded universities, most were not investing a substantial proportion of their research budget into global health. This includes the University of Cambridge, which ranks 15th in the league table. Eight universities were awarded a grade D or worse (on a scale from A+ to D-) for their commitment to global health. And only seven showed commitment to making their findings easily accessible to those in developing countries. “Most universities are not doing enough to tackle the needs of the poorest”, said co-lead of the initiative, Dzintars Gotham. “Universities should take seriously their ability to do work in areas that are neglected by profit-seeking companies.”

Medical research is expensive even for wealthy countries like the UK, let alone for developing countries. Universities should invest more of their research budgets into global health and medicine, as well as sharing their knowledge and discoveries in ways that are easily accessible to the world’s poorest countries. The unrestricted availability of scientific research papers is important for everyone, but particularly for global health as it helps scientists from developing countries progress in their own research.

While Cameron may consider dementia “one of the greatest enemies of humanity”, I disagree. The greatest enemy of humanity is not just one disease, or many - it is the West spending more money on curing baldness than malaria, and ignoring the medical needs of the marginalised, unless or until it becomes a threat. 

Show Hide image

How hackers held the NHS to ransom

NHS staff found their computer screens repleaced by a padlock and a demand for money. Eerily, a junior doctor warned about such an attack days earlier. 

On Friday, doctors at Whipps Cross Hospital, east London, logged into their computers, but a strange red screen popped up. Next to a giant padlock, a message said the files on the computer had been encrypted, and would be lost forever unless $300 was sent to a Bitcoin account – a virtual currency that cannot be traced. The price doubled if the money wasn’t sent within six days. Digital clocks were counting down the time.

It was soon revealed Barts Health Trust, which runs the hospital, had been hit by ransomware, a type of malicious software that hijacks computer systems until money is paid. It was one of 48 trusts in England and 13 in Scotland affected, as well as a handful of GP practices. News reports soon broke of companies in other countries hit. It affected 200,000 victims in 150 countries, according to Europol. This included the Russian Interior Ministry, Fedex, Nissan, Vodafone and Telefonica. It is thought to be the biggest outbreak of ransomware in history.

Trusts worked all through the weekend and are now back to business as usual. But the attack revealed how easy it is to bring a hospital to its knees. Patients are rightly questioning if their medical records are safe. Others fear hackers may strike again and attack other vital systems. Defence minister Michael Fallon was forced to confirm that the Trident nuclear submarines could not be hacked.

So how did this happen? The virus, called WannaCry or WannaDecrypt0r, was an old piece of ransomware that had gained a superpower. It had been combined with a tool called EternalBlue which was developed by US National Security Agency spies and dumped on the dark web by a criminal group called Shadow Brokers. Computers become infected with ransomware when somebody clicks on a dodgy link or downloads a booby-trapped PDF, but normally another person has to be fooled for it to harm a different computer. EternalBlue meant the virus could cascade between machines within a network. It could copy itself over and over, moving from one vulnerable computer to the next, spreading like the plague. Experts cannot trace who caused it, whether a criminal gang or just one person in their bedroom hitting "send".

Like a real virus, it had to be quarantined. Trusts had to shut down computers and scan them to make sure they were bug-free. Doctors – not used to writing anything but their signature – had to go back to pen and paper. But no computers meant they couldn’t access appointments, referral letters, blood tests results or X-rays. In some hospitals computer systems controlled the phones and doors. Many declared a major incident, flagging up that they needed help. In Barts Health NHS Trust, ambulances were directed away from three A&E departments and non-urgent operations were cancelled.

The tragedy is that trusts had been warned of such an attack. Dr Krishna Chinthapalli, a junior doctor in London, wrote an eerily premonitory piece in the British Medical Journal just two days earlier telling hospitals they were vulnerable to ransomware hits. Such attacks had increased fourfold between 2015 and 2016, he said, with the money being paid to the criminals increased to $1bn, according to the FBI. NHS trusts had been hit before. A third reported a ransomware attack last year, with Imperial College London NHS Trust hit 19 times. None admitted to paying the ransom.

Hospitals had even been warned of this exact virus. It exploited a vulnerability in Microsoft Windows operating systems – but Microsoft had been tipped off about it and raised the red flag in March. It issued a patch – an update which would fix it and stop systems being breached this way. But this patch only worked for its latest operating systems. Around 5 per cent of NHS devices are still running the ancient Windows XP, the equivalent of a three-wheeled car. Microsoft said it would no longer create updates for it two years ago, rendering it obsolete.

There are many reasons why systems weren’t updated. Labour and the Lib Dems were quick to blame the attack on lack of Tory funding for the NHS. It is clear cost was an issue. Speaking on BBC Radio 4’s PM programme on Saturday, ex-chief of NHS Digital Kingsley Manning estimated it would take £100m a year to update systems and protect trusts against cyber attacks. Even if that money was granted, there is no guarantee cash-strapped trusts would ringfence it for IT; they may use it to plug holes elsewhere.

Yet even with the money to do so updating systems and applying patches in hospitals is genuinely tricky. There is no NHS-wide computer system – each trust has its own mix of software, evolved due to historical quirk. New software or machines may be coded with specific instructions to help them run. Changing the operating system could stop them working – affecting patient care. While other organisations might have time to do updates, hospital systems have to be up and running 24 hours a day, seven days a week. In small hospitals, it’s a man in a van manually updating each computer.

Some experts believe these are just excuses; that good digital hygiene kept most trusts in the UK safe. "You fix vulnerabilities in computers like you wash your hands after going to the toilet," said Professor Ross Anderson, a security engineering expert at Cambridge University. "If you don't, and patients die, excuses don't work and blame shifting must not be tolerated."

It is not known yet if any patients have died as a result of the attack, but it certainly raised fears about the safety of sensitive medical records. This particular virus got into computer files and encrypted them – turning them into gooble-de-gook and locking doctors out. Systems were breached but there have been no reports of records being extracted. Yet the scale of this attack raises fears in future the NHS could be targeted for the confidential data it holds. "If it’s vulnerable to ransomware in this way, it could be vulnerable to other attacks," said Professor Alan Woodward security expert at the University of Surrey's department of computing.

In the US, there have been examples where ransomware attacks have led to patient data being sucked out, he said. The motivation is not to embarrass people with piles or "out" women who have had an abortion, but because medical information is lucrative. It can be sold to criminals for at least $10, a price 10 times higher than can be earned by selling credit card details. Dossiers with personal identification information – known as "fullz" on the dark web – help crooks commit fraud and carry out scams. The more personal details a conman knows about you the more likely you are to fall for their hustle.

Hospital data is backed up at least hourly and three copies are kept, one offsite, so it is unlikely any medical records or significant amounts of data will have been lost – although the hack will cost the NHS millions in disruption. A British analyst, who tweets under the name Malware Tech, became an unlikely hero after accidentally finding a killswitch to stop the virus replicating. He registered a website, whose presence signalled to the virus it should stop. Yet he admits that a simple tweak of the code would create a new worm able to infect computers.

Experts warn this event could trigger a spate of copycat attacks. Hacker may turn their eyes to other public services. Dr Brian Gladman, a retired Ministry of Defence director, and ex-director of security at Nato, points out that our entire infrastructure, from the national grid, food distribution channels to the railways rely on computer systems. We now face an arms race – and criminals only have to get lucky once.

"We’re going to get more attacks and more attacks and it’s going to go on," he said. "We’ve got to pay more attention to this."

Madlen Davies is a health and science reporter at The Bureau of Investigative Journalism. She tweets @madlendavies.

0800 7318496