Boost to NHS cyber security as new security measures announced
Please note - this is a Department of Health and Social Care press release which was first published on 28 April 2018.
- £150 million will be spent on cyber security over the next three years
- New multi-million Microsoft security package will ensure all health and care organisations can use the most up-to-date software with the latest security settings
Unsupported Microsoft systems in the NHS will be a thing of the past under new plans announced yesterday to strengthen resilience against cyber-attacks as part of a new multi-million deal with Microsoft.
The deal - the latest in a series of measures to strengthen cyber security in the NHS since the WannaCry attack in May 2017 - will enable NHS Trusts to benefit from enhanced security intelligence. At a local level, individual trusts will have the ability to detect threats, isolate infected machines and kill malicious processes before they are able to spread.
Since 2017 the Government has invested £60 million to address key cyber security weaknesses - with a further £150 million pledged over the next three years to improve resilience, including the setting up of a new NHS Digital Security Operations Centre to boost our ability to prevent, detect and respond to incidents.
This will allow NHS Digital to improve near real-time capability to respond to cyber-attacks, reducing the impact of an attack on NHS infrastructure.
Health Secretary Jeremy Hunt said:
“We know cyber attacks are a growing threat, so it is vital our health and care organisations have secure systems which patients trust.
“We have been building the capability of NHS systems over a number of years, but there is always more to do to future-proof our NHS against this threat.
“This new technology will ensure the NHS can use the latest and most resilient software available – something the public rightly expect.”
Other measures to boost cyber security include:
- £21 million on upgrading firewalls and network infrastructure at major trauma centre hospitals and ambulance trusts to improve security at key emergency sites – protecting technology such as MRI scanners and blood test analysis.
- A further £39 million has been spent this year by NHS trusts to help them address infrastructure weaknesses which prevented them from fully implementing solutions to address all historic cyber alerts
- New powers given to the Care Quality Commission to inspect NHS trusts on their cyber and data security capabilities in conjunction with NHS Digital.
- The Department has launched a Data Security and Protection Toolkit which requires health and care organisations to meet 10 key standards, including appointing a senior executive to oversee data and cyber security.
- A text messaging alert system is in place to ensure trusts have access to accurate information – even when internet and email services are down.
Health Minister Lord O’Shaughnessy said:
“Patient data must be properly protected and this significant investment will help to keep our systems resilient and up-to-date.
“This will give patients greater confidence in how their information is managed by the NHS.”
Sarah Wilkinson, Chief Executive at NHS Digital said:
“We welcome the Secretary of State’s commitment to prioritise cyber security. The new Windows Operating System has a range of advanced security and identity protection features that will help us to keep NHS systems and data safe from attack. This is one of a suite of measures we are deploying to protect the service from cyber attack.”
Cindy Rose, CEO of Microsoft UK said:
“The importance of helping to protect the NHS from the growing threat of cyber-attacks cannot be overstated. The introduction of a centralised Windows 10 agreement will ensure a consistent approach to security that also enables the NHS to rapidly modernise its IT infrastructure.
“This agreement ensures NHS staff have the best tools available to help with the incredible work they do, ultimately enabling them to deliver even greater patient care.”
Notes to editors:
- Cyber risks are a real and ongoing threat for all organisations - it is a matter of ‘when’ not ‘if’ the next attack occurs. The National Cyber Security Centre (NCSC) manages around 60 serious attacks every month. That’s not the total number just those significant enough for the NCSC to deal with.
- While health and care organisations can and should have solid cyber security measures in place, no system is completely impenetrable, as seen by the recent high profile attacks on major global companies.
- The May 12, 2017, the WannaCry cyber-attack affected a wide range of countries and sectors across the globe. It affected at least 80 out of 236 NHS trusts and a further 603 primary care and other organisations, including 595 out of 7,454 General Practices.
- The Microsoft package enables NHS Trusts to benefit from enhanced security intelligence. Windows Defender Advanced Threat Protection will feed into a central NHS Security Operations Centre, creating a centralised, managed, and coordinated framework for the detection of malicious cyber activity and visibility around how threats try to move across the organisation. The service will use Microsoft's vast telemetry sets, advanced analytics, and expert human analysts to reduce the likelihood and impact of security breaches or malware infection. At a local level, individual Trusts will have full management capability across their own estate, including the ability to isolate infected machines, kill malicious processes and gain full visibility of their individual security stance.
- Cyber is a top priority for the UK Government, which is why it is investing £1.9 billion in the National Cyber Security Strategy and opened the National Cyber Security Centre (NCSC).
- The NCSC was set up as the world-class cyber arm of GCHQ and offers unrivalled real-time threat analysis, defence against national cyber attacks and tailored advice to victims when incidents do happen.
Latest News from
New NHS Cyber Chief’s top security tips for Cyber Security Awareness Month04/10/2022 09:15:00
A leading cyber expert at the NHS has set out his top security tips for health and social care workers ahead of Cyber Security Awareness Month.
Latest NHS Digital figures show 21.5% rise in number of people accessing talking therapies: statistical press release30/09/2022 09:15:00
The number of people accessing talking therapies for conditions such as anxiety and depression through the NHS increased by 21.5% from 2020-21 to 2021-22, a new report shows.
Statistics published for all routine childhood vaccinations in England in 2021-22: statistical press release29/09/2022 16:15:00
Coverage for all routine childhood vaccinations administered to children under five in England in 2021-22 has been published today.
Milestone hit with over 30 million NHS App sign-ups and almost 450K new organ donation decisions28/09/2022 16:15:00
The NHS App has now recorded more than 30 million sign-ups, and almost 450,000 new organ donation decisions have been registered via the app.
Annual data on hospital admissions published: statistical press release22/09/2022 16:15:00
The latest annual report on hospital admissions in English NHS hospitals has been published by NHS Digital today.
Decrease in smoking and drug use among school children but increase in vaping, new report shows06/09/2022 13:10:00
New figures from NHS Digital show a decrease in numbers of school children taking drugs and smoking cigarettes but a rise in vaping, with 9% of 11 to 15 year olds currently using e-cigarettes.
9.5% decrease in adults seen by dentists in past two years25/08/2022 13:05:00
The number of adults seen by NHS dentists within recommended timeframes decreased by 9.5% in 2021-22 against the previous year, a report published by NHS Digital today shows.
Statistics on adult safeguarding published in new report25/08/2022 12:05:00
The latest information on safeguarding concerns reported to local authorities in England has been published today by NHS Digital.