The Checklist

Only a few parts of the NHS were adversely affected by the RansomWare cyber-attack on Friday 12th May 2017.

This well-known malware was designed to exploit a security loop-hole in out-of-date and poorly maintained computers still using the Windows XP operating system.

And just like virulent organisms and malignant cells … the loop-holes in our IT immune systems were exploited to cause infectious diseases and cancer!


The diagnosis and treatment of these acquired IT diseases is painful, expensive and it comes with no guarantee of a happy outcome.

Lesson: Proactive prevention is better than reactive cure!

And all it requires to achieve it is … a Checklist.


Prevention requires pre-emptive design, and to do this the system needs to be studied, and understood well enough for an early warning system (EWS) to be designed, tested and implemented.

Having an effective EWS also requires that the measured response to an EWS alert has been designed, tested and implemented as well.

The sensor and the effector are linked by something called a processor.

And the processor can be implemented using an easy-to-use, low-cost, effective tool called a Checklist.


The NHS was not cyber-attacked.  Parts of the NHS were more vulnerable than others to a well-known, endemic cyber-threat, and they were more vulnerable because they did not use an effective cyber-security checklist.  An error of omission.


Checklists are not recipes of how or why to do something.  They are primarily there to remind us to do what is required, and to not do what is not required.

But we need to refer to them … we need to befriend them … we need to create them and maintain them. They are our friends and they will protect us from harm.

And if we do that the we will reap the benefits of time and energy that are released in the future – to do with as we choose.