Skip to the content

NHS gets new cyber security deal with Microsoft


Agreement between DHSC and software company provides healthcare organisations with free access to Windows Defender Advanced Threat Protection

The Department for Health and Social Care (DHSC) has announced a new agreement with Microsoft for Windows 10 licences that it said will provide a significant boost for cyber security in the NHS.

It has struck a five-year deal for the Windows Enterprise operating system under which health service organisations that agree to implement the Windows Defender Advanced Threat Protection (WDATP) facility can access it free of charge, rather than having to purchase it locally. The service involves Microsoft’s vast telemetry sets, analytics and human analysts.

The software is claimed to provide better protection against malware and the ability to monitor for abnormal activity down to individual devices. This should help to identify threats and isolate affected machines more quickly.

It is also linked into the NHS Digital Data Security Centre, which supports local NHS and care organisations in their cyber security operations.

The software also includes local device encryption and Windows Defender Antivirus, which can replace the locally purchased alternatives.

January 2020 commitment

All NHS organisations joining the service have to commit to migrating to Windows 10 by no later than 14 January 2020. NHS Digital, the health service’s lead organisation on digital technology, will provide guidance on the migration.

So far more than 100,000 devices operated by NHS organisations have been migrated to the software.

Sarah Wilkinson, chief executive at NHS Digital, said: “We welcome the secretary of state’s commitment to prioritise cyber security.

“The new Windows operating system has a range of advanced security and identity protection features that will help us to keep NHS systems and data safe from attack. This is one of a suite of measures we are deploying to protect the service from cyber attack.”

Cindy Rose, chief executive officer of Microsoft UK, said: “The importance of helping to protect the NHS from the growing threat of cyber attacks cannot be overstated. The introduction of a centralised Windows 10 agreement will ensure a consistent approach to security that also enables the NHS to rapidly modernise its IT infrastructure.”

Earlier agreement

The move comes months after NHS Digital set up an agreement with Microsoft to make its Enterprise Threat Detection Service available to detect threats to IT systems relying on outdated operating systems, and which is due to expire in the middle of this year.

It came after last year’s WannaCry ransomware attack, which although not aimed at NHS organisations forced a large number to suspend operations as they struggled to deal with its consequences. Two weeks ago Parliament’s Public Accounts Committee published a report saying the DHSC should provide more support to local organisations to improve their cyber security.

The new deal with Microsoft is accompanied by a £21 million upgrading of firewalls and network infrastructure at major trauma centre hospitals and ambulance trusts, and new powers for the Care Quality Commission to inspects NHS trusts – in conjunction with NHS Digital – on their cyber and data security capabilities.

The DHSC has also launched a Data Security and Protection Toolkit with 10 key standards to meet, and a text messaging alert system.

Image from GOV.UK, Open Government Licence v3.0

Register For Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.