NHS to improve cybersecurity posture with Windows 10 migration

By Jessica Davis
03:01 PM
Share
The planned update to the operating system is just the latest move to improve the National Health Services’ cybersecurity posture since falling victim to the global WannaCry malware attack in June 2017.
cybersecurity threats

The U.K. National Health Service signed an agreement with Microsoft to upgrade its legacy computer systems to Windows 10 to improve its cyber resilience after the global WannaCry cyberattack shut down one-third of its health trusts last June.

The hope in updating all NHS devices to Windows 10, according to officials, is to improve its cybersecurity posture and improve the health system’s ability to respond to attack.

After falling victim to WannaCry, NHS staff was locked out of their systems and 20,000 appointments were canceled. Some trusts were offline for a number of weeks. What’s notable was the severity of the impact, as NHS wasn’t the initial target of the hackers.

WannaCry was able to proliferate due to the health system’s failure to patch its legacy systems. While Windows 7 users were hardest hit by WannaCry, users of XP, the system used by NHS, also were vulnerable to attack. The U.K. government ended support of the outdated software in 2015.

“We’ve been building the capability of NHS systems over a number of years, but there is always more to do to future-proof our NHS as far as reasonably possible against this threat,” Jeremy Hunt, secretary of health and social care, said in a statement.

“This new technology will ensure the NHS can use the latest and most resilient software available – something the public rightly expect,” he added.

The migration announcement comes just two weeks after a U.K. Commons Public Accounts committee revealed all 200 NHS trusts failed its cybersecurity assessments. Officials took that report as a wake-up call, as it’s helped to improve its understanding of the health system’s readiness for another cyberattack.

Among a list of recommendations, the group gave NHS until June 2018 to determine its plans to improve its cybersecurity posture in the event of another cyberattack.

The centralized agreement with Microsoft will give NHS a consistent security approach and modernize its operating system. It’s the second agreement signed between Microsoft and the health system this year. The two signed a support agreement just three months after WannaCry.

The vulnerabilities of NHS computer systems are similar to those faced by U.S. health systems: outdated systems, limited budgets and patching difficulties. An issue highlighted in January by the Office of the National Coordinator for Health IT.

Healthcare Security Forum

The forum in San Francisco to focus on business-critical information healthcare security pros need June 11-12.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com