Microsoft and NHS Digital sign new agreement for cybersecurity

  • 14 August 2017

NHS Digital has signed a new agreement with Microsoft, which includes patches for all its current Windows devices operating XP.

The custom support agreement will cover all NHS organisations in the UK with the contract running until June 2018, as part of NHS Digital’s cybersecurity efforts.

Under the new agreement, Microsoft will provide NHS Digital with a “centralised, managed and coordinated framework for the detection of malicious cyber activity through its enterprise threat detection software”, said an NHS Digital spokeswoman.

This software “analyses intelligence and aims to reduce the likelihood and impact of security breaches or malware infection across the NHS”.

The agreement will provide patches and updates for all existing Windows devices operating with Windows XP, Windows Server 2003 and SQL 2005.

A new support deal for redundant Microsoft software was referenced in the government’s response, published 12 July, to Dame Fiona Caldicott’s review into data protection from last summer.

The government response referred to “working in partnership with Microsoft to help mitigate the immediate risks associated with unsupported software”.

The report said Windows XP support will be withdrawn nationally from 2018. According to NHS Digital figures, 4.7% of trusts use Windows XP, down from 18% in the past 18 months.

The report states that “central support for NHS Digital’s national applications operating on outdated platforms will be phased out, with Windows XP support being withdrawn from 2018”.

“Local organisations should be aiming to have isolated, moved away from or be actively managing any unsupported systems by April 2018.”

The NHS’ vulnerability to cyber-attacks was thrown into sharp relief in May’s WannaCry malware attack, where hackers exploited a single known Microsoft vulnerability. The global cyber-attack hit the NHS particularly hard, with 20% of trusts affected.

Rob Shaw, the acting chief executive of NHS Digital, has defended the agency’s response to the cyber-attack and described WannaCry as the “hardest dress rehearsal of what could happen if things really went wrong” in a cyber-attack.

Microsoft stopped providing support for Windows XP in April 2014 but according to Digital Health Intelligence 2015 data on NHS infrastructure, as many as 20% of NHS organisations could still be making use of it, and around 90% are thought to run something on it somewhere in their organisation, often in clinical systems or imaging equipment.

3 Comments

  • A major reason Trusts don’t move from legacy operating systems is because host applications will break, or be unsupported by the vendor. Vendor lock-in, or poorly negotiated contracts play an equal part.

  • It’s a nice idea, but the money and effort from NHS and Microsoft could equally have gone into offering practical support (and perhaps some discounting) to help Trusts ditch XP rapidly to better effect.

  • “Local organisations should be aiming to have isolated, moved away from or be actively managing any unsupported systems by April 2018.”
    Why bother, there’s bound to be yet another extension.