The UK Department of Health and Social Care inked a deal with Microsoft to move all National Health Service (NHS) organizations to Windows 10 to protect against future cyberattacks, Microsoft announced Saturday.
Last year, the WannaCry ransomware attack took out banks, public transit systems, and hospitals worldwide. It hit the NHS particularly hard, affecting more than one third of NHS branches and leading to the cancellation of 20,000 hospital appointments and operations, as well as patients getting diverted from emergency rooms unable to treat them. Some hospitals did not return to normal operations for weeks, as reported by our sister site Softwareonlinedeal.
Upgrading NHS devices to Windows 10 will improve the organization’s security posture, Microsoft said from a press release, as well as its ability to respond to attacks.
“We know cyber attacks are a growing threat, so it is always vital our health and care organisations have secure systems which patients trust,” Jeremy Hunt, health and social care secretary, said in the release. “We have been building the capability of NHS systems over many different years, but there is always more to do to future-proof our NHS as far as reasonably possible against this threat. This new technology will ensure the NHS can use the latest and most resilient software available – something the public rightly expect.”
The deal comes after a recent report on the UK’s Committee of Public Accounts, which found that nearly a year after WannaCry, several UK organizations have not adequately improved their cybersecurity practices to prevent future attacks. Part within the issue was that many healthcare branches did not have the means to update and protect systems without disrupting patient care, the report found.
The Microsoft plan may address this, as it will allow NHS branches to update their systems for free online, to better detect viruses, phishing attacks, and malware, and isolate infected machines before the issue can spread, according to the release. This also highlights the value of SaaS offerings, as they might be more easily updated against new threats.
When any organization is hit with a cyberattack or uncovers a vulnerability, they must come up with a plan for recovery and patching and implement it quickly. Otherwise, they leave themselves at great risk for future attacks.
Since 2017, the UK government has invested £60 million ($82.4 million USD) to address cybersecurity vulnerabilities contained in the NHS, and has pledged £150 million ($206 million USD) more over the next three years, which includes setting up a new NHS Digital Security Operations Centre.