News story

Plans to strengthen NHS cyber security announced

A new multi-million pound Microsoft package will ensure NHS systems have the most up-to-date software with the latest security settings.

Cyber security

The deal with Microsoft will ensure all health and care organisations are using the latest Windows 10 software with up-to-date security settings to help prevent cyber attacks.

Since 2017 the government has invested £60 million to address cyber security weaknesses. A further £150 million will be spent over the next 3 years to improve the NHS’s resilience against attacks. This will include setting up a new digital security operations centre to prevent, detect and respond to incidents.

The centre will:

  • allow NHS Digital to respond to cyber attacks more quickly
  • allow local trusts to detect threats, isolate infected machines and kill the threat before it spreads

Other measures to improve cyber security include:

  • £21 million to upgrade firewalls and network infrastructure at major trauma centre hospitals and ambulance trusts

  • £39 million spent by NHS trusts to address infrastructure weaknesses

  • new powers given to the Care Quality Commission to inspect NHS trusts on their cyber and data security capabilities

  • a data security and protection toolkit which requires health and care organisations to meet 10 security standards

  • a text messaging alert system to ensure trusts have access to accurate information – even when internet and email services are down

Health and Social Care Secretary Jeremy Hunt said:

We know cyber attacks are a growing threat, so it is vital our health and care organisations have secure systems which patients trust.

We have been building the capability of NHS systems over a number of years, but there is always more to do to future-proof our NHS against this threat.

This new technology will ensure the NHS can use the latest and most resilient software available – something the public rightly expect.

Published 28 April 2018