Torso of Doctor, wearing stethoscope around neck

Department of Health agrees Windows 10 security deal with Microsoft

The Department of Health and Social Care has agreed a deal with Microsoft that will enable all NHS organisations to use Windows 10 and strengthen their defence against future cyber attacks.

More than a third of trusts in the UK were disrupted by the WannaCry ransomware attack last year, according to the National Audit Office, which led to the cancellation of 6,900 appointments. WannaCry was an international attack on an unprecedented scale that affected organisations across the globe. While it did not specifically target the NHS, the impact on health organisations was significant.

In an effort to further build cyber resilience across the NHS, the Department for Health and Social Care has announced an agreement with Microsoft that will see NHS devices upgraded to Windows 10, the technology’s firm’s latest operating system that features cutting-edge security features.

It will also improve the ability of NHS Digital to respond to attacks, reducing the impact on trusts.

A blue Microsoft Surface keyboard

Jeremy Hunt, the Health and Social Care Secretary, said: “We know cyber attacks are a growing threat, so it is vital our health and care organisations have secure systems which patients trust.

“We have been building the capability of NHS systems over a number of years, but there is always more to do to future-proof our NHS as far as reasonably possible against this threat. This new technology will ensure the NHS can use the latest and most resilient software available – something the public rightly expect.”

The Microsoft deal will also allow NHS trusts to update their systems with the latest Windows 10 security features for free via the internet as they become available, helping them detect viruses, phishing and malware, isolate infected machines and kill malicious processes before they are able to spread.

Cindy Rose, Chief Executive of Microsoft UK, said: “The importance of helping to protect the NHS from the growing threat of cyber-attacks cannot be overstated. The introduction of a centralised Windows 10 agreement will ensure a consistent approach to security that also enables the NHS to rapidly modernise its IT infrastructure.

“This agreement ensures NHS staff have the best tools available to help with the incredible work they do, ultimately enabling them to deliver even greater patient care.”

Windows 10 includes security features to protect against the ever-changing landscape of malicious activity. A key component of this is Windows Defender ATP, which provides detection, investigation and a fully automated response, and allows for swift and immediate action against any threats.

The Government has invested £60 million since 2017 to address key cyber security weaknesses in the NHS, with a further £150 million pledged over the next three years to improve resilience. This includes the setting up of a new NHS Digital Security Operations Centre to increase the ability to prevent, detect and respond to incidents.

Doctor holding X-ray

WannaCry was the largest cyber attack to have hit the NHS to date

Rob Shaw, Deputy Chief Executive of NHS Digital, said: “The new Windows Operating System has a range of advancements in security and identity protection that will help us to support Trusts to keep their data safe from attacks and which will cover both desktop and mobile devices.

“The additional funding will mean we can add an extra layer of protection, whilst boosting our existing services, with real time monitoring of NHS networks and the ability to see potential threats right down to individual NHS organisations.”