Data and securityCyber SecurityNHS cyber security to be strengthened

NHS cyber security to be strengthened

Department of Health agrees Windows 10 security deal with Microsoft

The NHS has agreed a new multi-million pound package with Microsoft that will ensure all NHS organisations to use Windows 10 and strengthen their defence against future cyber attacks.

More than a third of NHS trusts in the UK were disrupted by the WannaCry ransomware attack last year, according to the National Audit Office, which led to the cancellation of 6,900 appointments. NHS devices will be upgraded to Windows 10 in an attempt to prevent the disruption happening again. Windows 10 includes features such as SmartScreen, which performs reputation checks on websites and block malicious ones; and Defender, a robust anti-malware solution.

In addition, the NHS’s resilience against attacks will be further boosted through the creation of a new digital security operations centre to prevent, detect and respond to incidents. It will also improve the ability of NHS Digital to respond to attacks, reducing the impact on trusts.

The centre will:

  • allow NHS Digital to respond to cyber attacks more quickly
  • allow local trusts to detect threats, isolate infected machines and kill the threat before it spreads

Other measures to improve cyber security include:

  • £21m to upgrade firewalls and network infrastructure at major trauma centre hospitals and ambulance trusts
  • £39m spent by NHS trusts to address infrastructure weaknesses
  • new powers given to the Care Quality Commission to inspect NHS trusts on their cyber and data security capabilities
  • a data security and protection toolkit which requires health and care organisations to meet 10 security standards
  • a text messaging alert system to ensure trusts have access to accurate information – even when internet and email services are down

Jeremy Hunt, the Health and Social Care Secretary, commented: “We know cyber attacks are a growing threat, so it is vital our health and care organisations have secure systems which patients trust.

“We have been building the capability of NHS systems over a number of years, but there is always more to do to future-proof our NHS as far as reasonably possible against this threat. This new technology will ensure the NHS can use the latest and most resilient software available – something the public rightly expect.”

The Microsoft deal will also allow NHS trusts to update their systems with the latest Windows 10 security features for free via the internet as they become available, helping them detect viruses, phishing and malware, isolate infected machines and kill malicious processes before they are able to spread.

Cindy Rose, Chief Executive of Microsoft UK, said: “The importance of helping to protect the NHS from the growing threat of cyber attacks cannot be overstated. The introduction of a centralised Windows 10 agreement will ensure a consistent approach to security that also enables the NHS to rapidly modernise its IT infrastructure.

“This agreement ensures NHS staff have the best tools available to help with the incredible work they do, ultimately enabling them to deliver even greater patient care.”

Welcome news

The news has, on the whole, been welcomed by the sector. Simon Townsend, CTO – EMEA at Ivanti, said: “The new licensing agreement that the NHS has signed with Microsoft is fantastic news. It first signed a deal with Microsoft to provide all of its desktop software – from operating systems to Office programmes – in 2004. For six years it had the latest of everything and was kept secure and patched up until austerity hit in 2010 and the deal ended. This left the NHS in a bad position because it had previously been using £270m worth of Microsoft software for less than £65m a year. When the agreement was thrust out from under it, the NHS was left unable to cope, and individual trusts were effectively left to fend for themselves.

“So, eight years later, the state of the NHS’s IT systems is poor. It has been relying on legacy systems, leaving it completely under-equipped for cyber attacks like WannaCry, as well as other contemporary issues such as GDPR compliance. How could it be expected to handle 2018 problems with 2002 technology? This is why WannaCry was so damaging. Criminals exploited that some trusts were using unpatched Windows 7 systems and some were using completely unsupported Windows XP systems.

“After the attack, the NHS did sign a new agreement, specifically for cybersecurity, with Microsoft. The custom support agreement and Enterprise Threat Detection Service (ETDS) provided it with patches and updates for all existing Windows devices operating as XP, Windows Server 2003 and SQL 2005. However, in January of this year, it was exposed that only 2% of the NHS had actually deployed the ETDS. The latest update was that all trusts tested for vulnerabilities by the civil service didn’t meet standard requirements, meaning that they were most definitely not ready to face another large-scale attack.

“All of this shows why it is such a massive turning point that a new licensing deal has been signed. Individual NHS trusts have not had the time or budget to upgrade their systems and have been crying out for a solution like this that comes from the top. A lot of money and time has been squandered because of the prior reliance on legacy technology, so this new contract should go a long way in helping the NHS get back up to where it needs to be.”

Related Articles

Cybersecurity is a market for lemons

Cyber Security Cybersecurity is a market for lemons

8h Bernard Parsons
Compulsory cyber awareness training for Cardiff council staff

Cyber Security Compulsory cyber awareness training for Cardiff council staff

1w Jay Ashar
UK government to assess the cyber security capability landscape

Cyber Security UK government to assess the cyber security capability landscape

1w Jay Ashar
New capability to help organisations fight cyber threats

Cyber Security New capability to help organisations fight cyber threats

2w Jay Ashar
Room for more cybersecurity over and above GDPR

Cyber Security Room for more cybersecurity over and above GDPR

2m Jay Ashar
AI support: Outnumbered but not outgunned

Cyber Security AI support: Outnumbered but not outgunned

2m Piers Wilson
A shot in the arm for Bristol's cybersecurity

Cyber Security A shot in the arm for Bristol's cybersecurity

2m Jay Ashar
Cyber security starts with people and processes

Cyber Security Cyber security starts with people and processes

2m Austin Clark