NHS's 1.2 million employees are trapped in a 'reply-all' email hell

This made me lol

Ah, good old reply all.
It's bad enough that happening with a couple thousand employees. 1.2M must be a real drag on the backend systems.

I heard about this earlier this afternoon. It was bad enough someone sent a test email out to everyone. That person should be shot for doing so. But those people who replied by hitting reply all should have email access banned for at least a week for being so silly.

We support a medical NHS contract OOH, I'm on shift tonight.
I hope this doesn't make work for me tonight. I'd quite like a quiet final night tonight.

Mark

Sorry, but the story is almost certainly bollocks. Assuming the NHSs' sysadmins have the least knowledge of what they're doing - and while I've only met a few of them, the ones I have have not immediately struck me as idiots

1) Any decent sysadmin will have set a limit on the number of emails a standard user can send in a day. Nobody in the NHS should be able to hit 'replay all' and send out an email to 1.2 million people. That's just stupid.

2) Any decent sysadmin, if faced with an email generating a lot of traffic, can come up with rule that drops any further responses to that email or related traffic. This is literally 'day one on the job' stuff. To not have done so at the very first opportunity would be stupid.

3) Many email systems store an email sent to many people on the system a single message, with link to all the accounts that email was sent to. This makes it very easy to remove emails that have been sent to lots of people - it's effectively one typed command. The sysadmins should be able to very easily remove the email from the inboxes of staff and prevent any further responses.

4) There almost certainly is not a mailing list with 'All NHS staff' on it anyway. What would be the point of that? Hardly anybody is actually employed by 'The NHS'. Apart from the whole privatisation thing, many staff are employed by hospitals and trusts which are essentially autonomous. GPs are essentially self-employed. Exactly what do a cleaner in a hospital in Dundee and a GP in a practice Cornwall have in common that requires them to be simultaneously sent an email to? The IT in the NHS is utterly unintegrated, yet somehow the email accounts all exists in one amorphous mass? Pull the other one.

5) Even if such a list did exist, it would be moderated to hell and back. Every email sent though it would need senior management approval, the internal marketing department would see to that.
Jon

I've seen the email. Went out to contractors/3rd parties as well.
Our client thought it was spam/spoofed.

Sadly Jon, the emails are real. I have an NHS.net account somewhere but have long since forgotten the username or password but colleagues have been talking about it. Remember, this is an email set up where I can type a person's name into the sendto field and it will come up suggestions of email addresses on NHS.net eg start typing Joe Blo ans it will suggest Joe Bloggs, which if selected will enter joe.bloggs@nhs.net.

Effing Christ almighty. Then their email systems AND their networks were both designed by chimps.

Fair enough, but it really shouldn't take '*" to mean 'everyone on the intranet'.

Some of the references I've seen suggest they may be running either Exchange or Office365at least. I'd dearly love to know who is actually running that system. Or more probably, WAS running that system. Because it doesn't sound like they had a clue what they were doing. Letting one email get through is bad enough, but then not even culling them out and stopping the responses... this is really basic stuff in these circumstances.

Completely agree.

This is the NHS we're talking about. Are you really surprised?

From what I gather, the sender was trying to create a mailing list but managed to include 840,000 names on the list. NHS Digital is blaming a third party system rather than the sender.

IIRC the whole of the NHS's email is 'third party', they outsourced it en masse about a year ago. Gave us some trouble at the time because for about the first six weeks it would just randomly reject incoming email for about an hour each day...

Everything I hear about this makes me think worse of the people who've set the thing up. Yes, the poor sod who clicked 'send' isn't to blame, the people who set the system up in such a shoddy way that what he did was still possible are to blame. By what I've heard they pretty much seem to have taken it out of the box, handed it over then took the cheque and ran.