Privacy & Security

NHS to improve cybersecurity posture with Windows 10 migration

The planned update to the operating system is just the latest move to improve the National Health Services’ cybersecurity posture since falling victim to the global WannaCry malware attack in June 2017.
By Jessica Davis
May 01, 2018
03:01 PM

The U.K. National Health Service signed an agreement with Microsoft to upgrade its legacy computer systems to Windows 10 to improve its cyber resilience after the global WannaCry cyberattack shut down one-third of its health trusts last June.

The hope in updating all NHS devices to Windows 10, according to officials, is to improve its cybersecurity posture and improve the health system’s ability to respond to attack.

After falling victim to WannaCry, NHS staff was locked out of their systems and 20,000 appointments were canceled. Some trusts were offline for a number of weeks. What’s notable was the severity of the impact, as NHS wasn’t the initial target of the hackers.

WannaCry was able to proliferate due to the health system’s failure to patch its legacy systems. While Windows 7 users were hardest hit by WannaCry, users of XP, the system used by NHS, also were vulnerable to attack. The U.K. government ended support of the outdated software in 2015.

“We’ve been building the capability of NHS systems over a number of years, but there is always more to do to future-proof our NHS as far as reasonably possible against this threat,” Jeremy Hunt, secretary of health and social care, said in a statement.

“This new technology will ensure the NHS can use the latest and most resilient software available – something the public rightly expect,” he added.

The migration announcement comes just two weeks after a U.K. Commons Public Accounts committee revealed all 200 NHS trusts failed its cybersecurity assessments. Officials took that report as a wake-up call, as it’s helped to improve its understanding of the health system’s readiness for another cyberattack.

Among a list of recommendations, the group gave NHS until June 2018 to determine its plans to improve its cybersecurity posture in the event of another cyberattack.

The centralized agreement with Microsoft will give NHS a consistent security approach and modernize its operating system. It’s the second agreement signed between Microsoft and the health system this year. The two signed a support agreement just three months after WannaCry.

The vulnerabilities of NHS computer systems are similar to those faced by U.S. health systems: outdated systems, limited budgets and patching difficulties. An issue highlighted in January by the Office of the National Coordinator for Health IT.

Healthcare Security Forum

The forum in San Francisco to focus on business-critical information healthcare security pros need June 11-12.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Topics: 
Network Infrastructure, Privacy & Security

More regional news

Rebecca Herold from the IEEE on AI and cybersecurity

IEEE deep dive: What you really need to know about AI and cybersecurity

By
Bill Siwicki
October 17, 2024
Female doctor with headset smiles on a telehealth visit

As year-end deadline looms, Congress again calls on DEA to extend telehealth flexibilities

By
Andrea Fox
October 16, 2024
Dr. Michael Poku of Equality Health on value-based care

A value-based care 'enabler' explains its successful model

By
Bill Siwicki
October 16, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Rebecca Herold from the IEEE on AI and cybersecurity
Cybersecurity In Focus
IEEE deep dive: What you really need to know about AI and cybersecurity

Most Read

Finding efficiencies and improving care: Give your healthcare surveillance a clean bill of health
Keep patients digitally empowered and engaged in their care
HITRUST unveils new tool for AI risk management
A simplified approach to strengthen healthcare security stack
Check your IT asset disposal partners' certifications and standards
HHS to fund AI-enabled medical device maintenance tools

Research

White Papers

More Whitepapers

Interoperability
Patient Engagement
Interoperability

Webinars

More Webinars

Interoperability
Artificial Intelligence
Artificial Intelligence

Video

Dr Somkid Udomkijmongkol at Princ Hospital Suvarnabhumi_HIMSS24 APAC
Princ Hospital Suvarnabhumi eyes AI, telemedicine adoption
Renato Umeton at Dana-Farber Cancer Institute_AI in Healthcare Forum 2024
Dana-Farber created a secure testing environment for nonclinical LLMs
Hyungjin Rhee at Yonsei University College of Medicine_HIMSS24 APAC
Severance Hospital to pilot LLM on HIS
Steen Strand at Emteq Labs_Footage and still image Courtesy of Emteq Labs
Eyewear that senses emotions grabs facial data

More Stories

Hospital administrators in an office meeting
Te Whatu Ora may further cut digital funding
Krishna Duarsa at the Kasih Ibu Hospital Group_HIMSS24 APAC
Bali hospital takes on EMR maturity
Couple holding baby
Owlet wins back compliance with NYSE continued listing standards
David P. Tusa of MD Home Health on RPM
Arizona agency's omnichannel approach to home health includes telehealth and RPM
Hands holding puzzle pieces
AHA concerned over HTI-2 timelines, 'burdensome' requirements
Stethoscope on tablet
HIMSSCast: Is private equity the bad guy in healthcare?
Zafar Chaudry at Seattle Children_Data blocks concept Photo by BlackJack3D1/E+/Getty Images
CIO Spotlight: Zafar Chaudry of Seattle Children's
Monief Eid, senior consultant for the Ministry of Health Saudi Arabia, at HIMSS24 APAC
Building 'solid' medical data exchange...