According to the DoHSC announcement, unsupported Microsoft systems in the NHS will be a thing of the past under new plans to strengthen resilience against cyber-attacks as part of a new multi-million deal with Microsoft
The deal – the latest in a series of measures to strengthen cyber-security in the NHS since the WannaCry attack in May 2017 – will enable NHS Trusts to benefit from enhanced security intelligence. At a local level, individual trusts will have the ability to detect threats, isolate infected machines and kill malicious processes before they are able to spread.
Since 2017 the government has invested £60m to address key cyber-security weaknesses – with a further £150m pledged over the next three years to improve resilience, including the setting up of a new NHS Digital Security Operations Centre to boost our ability to prevent, detect and respond to incidents.
This will allow NHS Digital to improve near real-time capability to respond to cyber-attacks, reducing the impact of an attack on NHS infrastructure.
Health Secretary Jeremy Hunt said: “We know cyber attacks are a growing threat, so it is vital our health and care organisations have secure systems which patients trust.
“We have been building the capability of NHS systems over a number of years, but there is always more to do to future-proof our NHS against this threat.
“This new technology will ensure the NHS can use the latest and most resilient software available – something the public rightly expect.”
Other measures to boost cyber-security include:
- £21m on upgrading firewalls and network infrastructure at major trauma centre hospitals and ambulance trusts to improve security at key emergency sites – protecting technology such as MRI scanners and blood test analysis.
- A further £39m has been spent this year by NHS trusts to help them address infrastructure weaknesses which prevented them from fully implementing solutions to address all historic cyber alerts.
- New powers given to the Care Quality Commission to inspect NHS trusts on their cyber and data security capabilities in conjunction with NHS Digital.
- The Department has launched a Data Security and Protection Toolkit which requires health and care organisations to meet 10 key standards, including appointing a senior executive to oversee data and cyber security.
- A text messaging alert system is in place to ensure trusts have access to accurate information – even when internet and email services are down.
Health Minister Lord O’Shaughnessy said: “Patient data must be properly protected and this significant investment will help to keep our systems resilient and up-to-date.
“This will give patients greater confidence in how their information is managed by the NHS.”
Sarah Wilkinson, chief executive at NHS Digital said: “We welcome the Secretary of State’s commitment to prioritise cyber-security. The new Windows Operating System has a range of advanced security and identity protection features that will help us to keep NHS systems and data safe from attack. This is one of a suite of measures we are deploying to protect the service from cyber attack.”
Cindy Rose, CEO of Microsoft UK said: “The importance of helping to protect the NHS from the growing threat of cyber-attacks cannot be overstated. The introduction of a centralised Windows 10 agreement will ensure a consistent approach to security that also enables the NHS to rapidly modernise its IT infrastructure.
“This agreement ensures NHS staff have the best tools available to help with the incredible work they do, ultimately enabling them to deliver even greater patient care.”