NHS Digital signs cyber security agreement with Microsoft


In the wake of the global WannaCry ransomware attacks, NHS Digital has signed a cyber security support agreement with Microsoft.

The WannaCry attacks in May 2017 highlighted the risk posed by unpatched operating systems: the attack exploited a vulnerability that Microsoft had patched two months before.

The WannaCry attacks also highlighted system-wide issues around lack of infrastructure investment and the need for cyber security training and awareness among NHS staff.

Although computers running Windows 7 were most heavily affected, WannaCry once again highlighted that the NHS continues to rely on Windows XP, even though the government decided to end extended support for this obsolete operating system in April 2015.

WannaCry, which caused major disruption across the NHS, thrust the risk of unpatched operating systems into the spotlight, and just three months later NHS Digital has put measures in place to ensure Windows XP machines will once again get security updates.

Although WannaCry was not specifically targeted at the NHS, it raised questions about the resilience of the service’s IT systems.

In July 2017, the government announced it would boost investment in NHS data and cyber security above the £50m identified in the Spending Review to address key structural weaknesses, such as unsupported systems.

The additional funding is part of a package of measures to improve NHS cyber security, announced by the government in response to a review on data security and data sharing in the health and social care system by national data guardian Fiona Caldicott, published in July 2016.

In announcing the additional cyber security funding, the government said an initial £21m would be targeted at increasing the cyber resilience of major trauma sites as an immediate priority, and at improving NHS Digital’s national monitoring and response capabilities.

The custom support agreement, which covers all NHS organisations in the UK until June 2018, includes security updates for Windows XP, Windows Server 2003 and MS SQL 2005. According to the government’s response to the Caldicott review, Windows XP support will be withdrawn from 2018.

In light of this deadline, NHS Digital claims that only 4.7% of trusts use Windows XP, down from 18% in the past 18 months.

In line with the spending announcement, Microsoft will also provide NHS Digital with a “centralised, managed and coordinated framework for the detection of malicious cyber activity through its enterprise threat detection software”, according to a statement by NHS Digital cited by Digitalhealth.
