The Department of Health and Social Care has agreed a deal with Microsoft that will enable all NHS organisations to use Windows 10 in a bid to improve defences against future cyber attacks.

The outbreak of WannaCry in May last year affected one third of NHS trusts in England, leading to the cancellation of thousands of appointments and operations as staff were locked out of devices and IT systems.

In an effort to further build cyber resilience across the NHS, the Department for Health and Social Care has announced an agreement with Microsoft that will see NHS devices upgraded to Windows 10, the technology firm’s latest operating system, which features significantly more robust security tools.

It will also improve the ability of NHS Digital to respond to attacks, reducing the impact on trusts.

Sarah Wilkinson, chief executive at NHS Digital said: “We welcome the Secretary of State’s commitment to prioritise cyber security. The new Windows Operating System has a range of advanced security and identity protection features that will help us to keep NHS systems and data safe from attack. This is one of a suite of measures we are deploying to protect the service from cyber attack.”

The Microsoft deal will allow NHS trusts to update their systems with the latest Windows 10 security features for free via the internet as they become available, helping them detect viruses, phishing and malware, isolate infected machines and kill malicious processes before they are able to spread.

Cindy Rose, chief executive of Microsoft UK, said: “The importance of helping to protect the NHS from the growing threat of cyber-attacks cannot be overstated. The introduction of a centralised Windows 10 agreement will ensure a consistent approach to security that also enables the NHS to rapidly modernise its IT infrastructure.”

The government also announced it is pledging a further £150 million over the next three years to improve resilience, including the setting up of a new NHS Digital Security Operations Centre to boost the public body’s ability to prevent, detect and respond to incidents.

Digital Health News understands the deal with Microsoft is not included in the £150 million pledge from government.

Other measures include:

  • £21 million on upgrading firewalls and network infrastructure at major trauma centre hospitals and ambulance trusts to improve security at key emergency sites – protecting technology such as MRI scanners and blood test analysis.
  • £39 million has been spent this year by NHS trusts to help them address infrastructure weaknesses which prevented them from fully implementing solutions to address all historic cyber alerts
  • New powers given to the Care Quality Commission (CQC) to inspect NHS trusts on their cyber and data security capabilities in conjunction with NHS Digital.
  • The launch of a Data Security and Protection Toolkit which requires health and care organisations to meet 10 key standards, including appointing a senior executive to oversee data and cyber security.
  • A text messaging alert system is in place to ensure trusts have access to accurate information – even when internet and email services are down.