NHS Gets £150m Cyber-Spending Boost
The NHS is set to receive a £150m cash injection to fund improved cybersecurity, including a new deal to upgrade all health and care organizations to Windows 10.
The government announcement over the weekend claimed the three-year funding plan would help the health service respond more quickly to threats and allow local trusts to spot and isolate attacks before they have a chance to spread.
The NHS was famously decimated by the WannaCry ransomware campaign last May, with an estimated 19,000 operations and appointments cancelled, with disruption at 34% of England trusts and infections at a further 603 primary care and other NHS organizations, including 595 GP practices.
The upgrade to Windows 10 will at least make systems more resilient to such threats, although it was a lack of prompt patching that is thought to have exposed many of the NHS endpoints that became infected last year; something an upgrade to a new OS wouldn't necessarily help.
"The NHS is signalling that an inherently more secure operating system is less risk than a less secure O/S, running next generation endpoint security," said Lastline director of threat intelligence, Andy Norton. "Of course it does not address the problem of legacy apps that won't run on Windows 10. Nor does it solve the user case of WannaCry; Windows 10 was still vulnerable."
The government claimed it would be funding a new NHS Digital Security Operations Centre to boost our improve incident detection, prevention and response.
Also included in the £150m plan are: £21 million to upgrade firewalls and network infrastructure at major trauma center hospitals and ambulance trusts, £39m to fix “infrastructure weaknesses” at NHS trusts and new powers assigned to the Care Quality Commission to inspect trusts on their cybersecurity capabilities.
Health and care organizations will be required to implement a new toolkit of 10 best practice security standards and the government will also fund a text messaging alert system to ensure trusts have access to accurate information in the event that internet and email services go down.
“We know cyber-attacks are a growing threat, so it is vital our health and care organizations have secure systems which patients trust,” said health secretary, Jeremy Hunt. “This new technology will ensure the NHS can use the latest and most resilient software available — something the public rightly expect.”
NHS Digital CEO Sarah Wilkinson welcomed the extra cash.
“The new Windows Operating System has a range of advanced security and identity protection features that will help us to keep NHS systems and data safe from attack,” she added. “This is one of a suite of measures we are deploying to protect the service from cyber-attack.”
The move comes a fortnight after MPs demanded the government move faster to agree on its spending plans for cybersecurity in the health service.
The Public Accounts Committee gave it a June deadline to come up with an estimate on costs.
Source: Information Security Magazine