Boost to NHS cyber security as new security measures announced
Please note - this is a Department of Health and Social Care press release which was first published on 28 April 2018.
- £150 million will be spent on cyber security over the next three years
- New multi-million Microsoft security package will ensure all health and care organisations can use the most up-to-date software with the latest security settings
Unsupported Microsoft systems in the NHS will be a thing of the past under new plans announced yesterday to strengthen resilience against cyber-attacks as part of a new multi-million deal with Microsoft.
The deal - the latest in a series of measures to strengthen cyber security in the NHS since the WannaCry attack in May 2017 - will enable NHS Trusts to benefit from enhanced security intelligence. At a local level, individual trusts will have the ability to detect threats, isolate infected machines and kill malicious processes before they are able to spread.
Since 2017 the Government has invested £60 million to address key cyber security weaknesses - with a further £150 million pledged over the next three years to improve resilience, including the setting up of a new NHS Digital Security Operations Centre to boost our ability to prevent, detect and respond to incidents.
This will allow NHS Digital to improve near real-time capability to respond to cyber-attacks, reducing the impact of an attack on NHS infrastructure.
Health Secretary Jeremy Hunt said:
“We know cyber attacks are a growing threat, so it is vital our health and care organisations have secure systems which patients trust.
“We have been building the capability of NHS systems over a number of years, but there is always more to do to future-proof our NHS against this threat.
“This new technology will ensure the NHS can use the latest and most resilient software available – something the public rightly expect.”
Other measures to boost cyber security include:
- £21 million on upgrading firewalls and network infrastructure at major trauma centre hospitals and ambulance trusts to improve security at key emergency sites – protecting technology such as MRI scanners and blood test analysis.
- A further £39 million has been spent this year by NHS trusts to help them address infrastructure weaknesses which prevented them from fully implementing solutions to address all historic cyber alerts
- New powers given to the Care Quality Commission to inspect NHS trusts on their cyber and data security capabilities in conjunction with NHS Digital.
- The Department has launched a Data Security and Protection Toolkit which requires health and care organisations to meet 10 key standards, including appointing a senior executive to oversee data and cyber security.
- A text messaging alert system is in place to ensure trusts have access to accurate information – even when internet and email services are down.
Health Minister Lord O’Shaughnessy said:
“Patient data must be properly protected and this significant investment will help to keep our systems resilient and up-to-date.
“This will give patients greater confidence in how their information is managed by the NHS.”
Sarah Wilkinson, Chief Executive at NHS Digital said:
“We welcome the Secretary of State’s commitment to prioritise cyber security. The new Windows Operating System has a range of advanced security and identity protection features that will help us to keep NHS systems and data safe from attack. This is one of a suite of measures we are deploying to protect the service from cyber attack.”
Cindy Rose, CEO of Microsoft UK said:
“The importance of helping to protect the NHS from the growing threat of cyber-attacks cannot be overstated. The introduction of a centralised Windows 10 agreement will ensure a consistent approach to security that also enables the NHS to rapidly modernise its IT infrastructure.
“This agreement ensures NHS staff have the best tools available to help with the incredible work they do, ultimately enabling them to deliver even greater patient care.”
Notes to editors:
- Cyber risks are a real and ongoing threat for all organisations - it is a matter of ‘when’ not ‘if’ the next attack occurs. The National Cyber Security Centre (NCSC) manages around 60 serious attacks every month. That’s not the total number just those significant enough for the NCSC to deal with.
- While health and care organisations can and should have solid cyber security measures in place, no system is completely impenetrable, as seen by the recent high profile attacks on major global companies.
- The May 12, 2017, the WannaCry cyber-attack affected a wide range of countries and sectors across the globe. It affected at least 80 out of 236 NHS trusts and a further 603 primary care and other organisations, including 595 out of 7,454 General Practices.
- The Microsoft package enables NHS Trusts to benefit from enhanced security intelligence. Windows Defender Advanced Threat Protection will feed into a central NHS Security Operations Centre, creating a centralised, managed, and coordinated framework for the detection of malicious cyber activity and visibility around how threats try to move across the organisation. The service will use Microsoft's vast telemetry sets, advanced analytics, and expert human analysts to reduce the likelihood and impact of security breaches or malware infection. At a local level, individual Trusts will have full management capability across their own estate, including the ability to isolate infected machines, kill malicious processes and gain full visibility of their individual security stance.
- Cyber is a top priority for the UK Government, which is why it is investing £1.9 billion in the National Cyber Security Strategy and opened the National Cyber Security Centre (NCSC).
- The NCSC was set up as the world-class cyber arm of GCHQ and offers unrivalled real-time threat analysis, defence against national cyber attacks and tailored advice to victims when incidents do happen.
Latest News from
NHS Digital and PHIN launch consultation on next phase of Acute Data Alignment Programme19/02/2020 15:05:00
NHS Digital and the Private Healthcare Information Network (PHIN) have launched a consultation as part of the next phase of a programme to align private healthcare data with NHS recorded activity.
Digital midwives win prestigious award for their use of tech14/02/2020 16:25:00
An NHS Digital-run group for digital midwives has won an award for 'Use of Technology in Midwifery' at the British Journal of Midwifery awards.
Latest patient outcomes data on hip and knee replacements published today13/02/2020 14:25:00
The results from questionnaires completed by patients who have undergone hip and knee replacements have been published by NHS Digital today.
Local digital adult social care projects awarded share of £4.5m12/02/2020 09:15:00
Sixteen organisations that provide and commission adult social care services are to receive a share of £4.5m to enable them to roll out their local digital projects on a wider scale.
Digital champions key to tackling distrust in online health confidentiality07/02/2020 12:43:00
A lack of skills and a distrust of health information online are two of the biggest barriers for patients to use the internet, according to new research.
Analysis of Pathways NHS111 calls linked to hospital attendances published07/02/2020 09:15:00
NHS Digital yesterday published the experimental statistics analysing data from Pathways1 NHS111 calls linked to Hospital Episode Statistics.
National expansion of Real Time Exemption Checking service for prescriptions06/02/2020 14:15:00
An NHS electronic system which enables pharmacies to immediately check if a patient is eligible for free prescriptions is being rolled out nationally.
Around 360,000 admissions to hospital as a result of alcohol in 2018/1905/02/2020 09:15:00
Drinking alcohol was the main reason for 358,000 admissions to hospital in 2018/19 according to new figures published yesterday by NHS Digital.