A window of opportunity for NHS cyber security

NHS cyber security has been given a major boost with the announcement by the Department of Health and Social Care of a new multi-million-pound deal with Microsoft. Peter Dyke, NHS Digital Programme Head, NHS Windows Managed Service, explains how

The deal between the Department of Health and Social Care and Microsoft will not only strengthen resilience against cyber attacks, but it will also mean that unsupported Microsoft systems in the NHS will become a thing of the past. Our role at NHS Digital is to support individual health and care organisations to best protect the data they hold and to ensure their own cyber-preparedness. The new deal, signed at the end of April, gives local organisations the ability to do just that by enabling them to detect threats, isolate infected machines and kill malicious processes before they spread.

The detail:
A key part of the new centralised Windows 10 agreement is that it will offer local NHS organisations Microsoft Windows operating system licences, which include Windows Defender Advanced Threat Protection (WDATP). This WDATP facility gives local organisations better cyber security protection in their own right, but also links in with NHS Digital’s Data Security Centre, which improves cyber security protection for local health and care communities, and the NHS as a whole.

The deal will run for five years until 2023 and is free of charge to all local NHS organisations who agree to implement the Advanced Threat Protection facility. The Windows licences allow local organisations to use either Windows 7 SP1, Windows 8.1 or Windows 10 Build 1607 and above, so organisations do not need to wait until their full migration to Windows 10 is complete in order to benefit.

The benefits:
There are a great many benefits when it comes to this new deal, but it is especially advantageous for local NHS organisations, who will no longer have to pay for Microsoft Windows client software out of their own revenue funding, releasing money for direct patient care.

The good news is that any organisation delivering predominantly NHS funded care can be part of the service, including trusts, clinical commissioning groups, GPs, commissioning support units and arms-length bodies. It also includes community interest companies and commercial providers who are providing IT services for NHS organisations.

The service does not currently extend to local authorities, care homes, community pharmacies, dentists and opticians, or independent sector provider non-NHS activities. The software also includes local device encryption (Bitlocker) as well as the Windows Defender Antivirus product, which can replace other locally purchased alternatives, saving further local cost.

It means that eligible organisations can be assured that their desktops are running on modern, secure software. Using the ATP portal, these organisations will be able to monitor the security status of their infrastructure against cyber threats. It also means that the NHS has a real time understanding of cyber threats at national level and is therefore better equipped to respond to cyber threats as they occur; ensuring that the right interventions are taken to protect the wider system.

How does Windows Defender Advanced Threat Protection (WDATP) work?
WDATP works by monitoring the Microsoft Windows operating system on a PC or laptop device for any abnormality in its working. If it sees an abnormality, it alerts local management and, if configured by the local organisation, it can quickly provide response actions to prevent a malware infection spreading.

Put simply, WDATP knows how Windows should be working, so if anything abnormal happens, it knows that something is wrong. Because WDATP is an integrated part of the Windows operating system, it can respond immediately to address the issue before it spreads.

As WDATP is provided as part of an NHS national system, an alert of an abnormality is shared with NHS Digital’s Data Security Centre in near real time - allowing NHS Digital to more quickly and effectively co-ordinate the overall NHS response to cyber threats as they evolve.

The national picture is also shared with other NHS entities (e.g. other partners within an accountable care system) so they all have the visibility of a developing threat enabling them to take the appropriate response.

Local input:
A great deal of planning and research has been undertaken to ensure that this is the right deal for the NHS. We have worked with an advisory group of approximately 90 local organisations (trusts, CSUs, CCGs, CICs etc) to develop the service offering.

More than 20 of these organisations have committed to act as early adopters for the WDATP element of the service. A user group will also be maintained as a focal point for ongoing development of the service during its life.

What happens now?
Though it is not mandatory for organisations to take up this service, we are expecting the majority to do so. Central funding for Windows operating systems licenses will not be available to organisations who are not part of the service.

All NHS organisations joining the service must commit to migrating from their current Windows 7/8 estates to Windows 10 by no later than 14th January 2020, as the Windows 7 operating system will be unsupported after that date.

NHS organisations have already successfully migrated more than 100,000 NHS devices to the Windows 10 operating system, and guidance and support to help trusts with their migration will be provided as part of the service.