tashatuvango - Fotolia
NHS organisations to get cyber security alerts service
As part of a deal between NHS Digital and Microsoft, NHS organisations will be able to get a threat detection service, alerting them to any cyber security issues
NHS Digital aims to “further bolster protection” against cyber security threats with a threat detection service from Microsoft.
As part of a deal between Microsoft and NHS Digital, NHS organisations will have access to an alerts system from the supplier, which detects cyber security issues within an organisation, from system-wide problems down to those in individual devices.
The threat detection service, which uses several sources of information to provide cyber threat reporting, has already been piloted at Blackpool Teaching Hospitals NHS Foundation Trust.
So far, it has been rolled out on 30,000 machines, and once deployed fully, it will cover up to 1.5 million devices across NHS trusts and GP practices.
NHS Digital security director Dan Taylor said the deal will “further bolster protection against cyber security issues in the NHS”.
He added: “It is our role to alert organisations to known cyber security threats and advise them of appropriate steps to minimise risks. This marks a step-change in our capability to provide high-quality, targeted alerts to allow organisations to counter these threats and ensure patients’ needs continue to be met.”
NHS Digital also runs its own CareCERT service, which provides advice and guidance, as well as data security assessment and a data security helpline.
The latest deal is part of a wider cyber security support contract NHS Digital signed with Microsoft in August last year, following the WannaCry attack.
Although not particularly targeted at the NHS, health and care organisations in England were hit hard by WannaCry, which affected 81 trusts and 603 primary care organisations.
In the months following the attack, the NHS was criticised for not having proper protocols and systems in place to deal with cyber threats. Last October, a National Audit Office (NAO) report found that the NHS could have prevented the attack if it had followed basic IT security principles.
At a CW500 event last year, NHS Digital’s Taylor said many NHS trusts had more than 50 different systems, including old legacy systems, and it was not a simple matter to patch across all those systems and keep the clinical systems afloat. The NHS is great at patient care, but cyber security is often seen as a lesser priority, he said.
Following the attack, Taylor said NHS organisations had begun to wake up and realise that not having data security in place could impact patient safety. “The huge lesson [with WannaCry] for provider services in the NHS was just how much patient-facing services were built on technology,” he said.