NHS Digital does new cyber security deal with Microsoft

Custom support agreement for the health services covers devices running on outdated operating systems

NHS Digital has set up an agreement with Microsoft that will provide support in detecting cyber threats to IT systems relying on outdated operating systems until the middle of next year.

Hand coming out of laptop screenThe provider of data and IT services for health and social care bodies has reached a custom support agreement with the software giant that will be available to all NHS organisations.

It will involve Microsoft providing patches and updates for all existing Windows devices operating on Windows XP, Windows Server 2003 and SQL 2005 – which are no longer supported on a standard basis by the company.

The move comes three months after several hospitals were badly hit by the attack of the WannaCry virus, which highlighted vulnerabilities in cyber security around the NHS; although NHS Digital emphasised the significance of recommendations by the National Data Guardian for the health service.

A spokesperson said: “The Government response to the National Data Guardian’s review referred to ‘working in partnership with Microsoft to help mitigate the immediate risks associated with unsupported software’.  Part of this work has now culminated in a new custom support agreement between NHS Digital and Microsoft. 

“Microsoft will provide NHS Digital with a centralised, managed, and coordinated framework for the detection of malicious cyber activity through its Enterprise Threat Detection (ETD) service. The ETD analyses intelligence and aims to reduce the likelihood and impact of security breaches or malware infection across the NHS.

“This contract with Microsoft runs until June 2018 and is in line with similar agreements between Microsoft and other government departments.

“One of NHS Digital’s key roles is to work closely with other national partners to explore and provide additional layers of cyber security support to NHS organisations when they need it, with the aim of minimising disruption to NHS services and patients.”

While the deal with Microsoft will provide cover over the next few months, the continued reliance of some organisations on the old operating systems indicates that significant problems remain around the security IT estate. In June BCS – The Chartered Institute for IT published a report saying there has been a lack of investment in IT systems in the NHS.

Photo: iStockphoto/Henrik Jonsson