Microsoft and NHS Digital sign new agreement for cybersecurity

  • 14 August 2017
Microsoft and NHS Digital sign new agreement for cybersecurity

NHS Digital has signed a new agreement with Microsoft, which includes patches for all its current Windows devices operating XP.

The custom support agreement will cover all NHS organisations in the UK with the contract running until June 2018, as part of NHS Digital’s cybersecurity efforts.

The new agreement will mean that Microsoft will provide NHS Digital with a “centralised, managed and coordinated framework for the detection of malicious cyber activity through its enterprise threat detection software”, said a NHS Digital spokeswoman.

This software “analyses intelligence and aims to reduce the likelihood and impact of security breaches or malware infection across the NHS”.

The agreement will provide patches and updates for all existing Windows devices operating with Windows XP, Windows Server 2003 and SQL 2005.

A new support deal for redundant Microsoft software was referenced in the government’s response, published 12 July, to Dame Fiona Caldicott’s review into data protection from last summer.

The government response referred to “working in partnership with Microsoft to help mitigate the immediate risks associated with unsupported software”.

The report said Windows XP support will be withdrawn nationally from 2018. According to NHS Digital figures 4.7% of trusts which use Windows XP, down from 18% in the past 18 months.

It noted, “central support for NHS Digital’s national applications operating on outdated platforms will be phased out, with Windows XP support being withdrawn from 2018”, the report states.

“Local organisations should be aiming to have isolated, moved away from or be actively managing any unsupported systems by April 2018.”

The NHS’ vulnerability to cyber-attacks was thrown into sharp relief in May’s WannaCry malware attack, where hackers exploited a known single Microsoft vulnerability.  The global cyber-attack hit the NHS particularly hard, with 20% of trusts affected.

Rob Shaw, the acting chief executive of NHS Digital, has defended the agency’s response to the cyber-attack and described WannaCry as the “hardest dress rehearsal of what could happen if things really went wrong” in a cyber-attack.

Microsoft stopped providing support for Windows XP in April 2014 but according to Digital Health Intelligence 2015 data on NHS infrastructure, as many as 20% of NHS organisations could still be making use of it, and around 90% are thought to run something on it somewhere in their organisation, often in clinical systems or imaging equipment.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Two more Liverpool hospitals impacted by Alder Hey cyber attack

Two more Liverpool hospitals impacted by Alder Hey cyber attack

Alder Hey Children's NHS Foundation Trust has announced that the cyber attack it suffered last week has impacted two more hospitals.
System C to trial AI assistant to ease NHS social care admin

System C to trial AI assistant to ease NHS social care admin

System C is to trial an AI assistant for social care in the NHS to support social care practitioners by reducing their admin burden.
Major cyber security incident declared at Merseyside hospital

Major cyber security incident declared at Merseyside hospital

A “major incident” has been declared at Wirral University Teaching Hospital NHS Foundation Trust “for cyber security reasons”.

3 Comments

  • A major reason Trust’s don’t move from legacy operating systems, is because host applications will break, or be unsupported by the vendor. Vendor lock in, or poorly negotiated contracts play an equal part.

  • It’s a nice idea, but the money and effort from NHS and Microsoft could equally have gone into offering practical support (and perhaps some discounting) to help Trusts ditch XP rapidly to better effect.

  • “Local organisations should be aiming to have isolated, moved away from or be actively managing any unsupported systems by April 2018.”
    Why bother, there’s bound to be yet another extension.

Comments are closed.