NHS Receives £150 Million Fund for Increased Cybersecurity


The NHS has received a cash injection of £150 million to fund an improvement in cyber security. This includes a new deal to upgrade all health and care organisations computer software to windows 10.

The Government announcement made over the weekend claimed that a three-year plan for funding would help the health service to respond more quickly to threats and allow local trusts to identify and isolate attacks before the opportunity to spread arises.

Funding comes after Cybersecurity breaches in 2017

The NHS was famously decimated by the WannaCry ransomware campaign back in May last year. As a result, 19,000 operations and appointments were cancelled, with disruption at 34 per cent of England trusts and infections at a further 603 primary care and other NHS organisations, including 595 GP practices.

The upgrade to Windows 10 will at least make systems more resilient to such threats. However, it was a lack of prompt patching that is thought to have exposed many of the NHS endpoints that were infected back in 2017. This is something that an upgrade to the new OS would not necessarily help.

“The NHS is signalling that an inherently more secure operating system is less risk than a less secure O/S, running next generation endpoint security,” said Lastline director of threat intelligence, Andy Norton. “Of course it does not address the problem of legacy apps that won’t run on Windows 10. Nor does it solve the user case of WannaCry; Windows 10 was still vulnerable.”

What Aspects of Cybersecurity will be Covered?

The government claimed it would be funding the new NHS Digital Security Operations Centre to either boost or improve the detection, prevention and response of incidents. Also included in the £150 million plan are:

  • £21 million to upgrade all firewalls and network infrastructure at major trauma centre hospitals and ambulance trusts
  • £39 million to repair “infrastructure weaknesses” at the NHS trusts
  • New powers assigned to Care Quality Commission to inspect trusts on their cybersecurity abilities

Cybersecurity Back-ups will also be Funded

There will be a requirement for health and care organisations to implement a new toolkit of the ten best practices in security standards. As well as this, the government will fund a text messaging alert system to ensure that trusts have access to accurate information if internet and email services were to go down.

“We know cyber-attacks are a growing threat, so it is vital our health and care organizations have secure systems which patients trust,” said health secretary, Jeremy Hunt. “This new technology will ensure the NHS can use the latest and most resilient software available — something the public rightly expect.”

NHS Digital CEO Sarah Wilkinson welcomed the extra cash: “The new Windows Operating System has a range of advanced security and identity protection features that will help us to keep NHS systems and data safe from attack,” she added. “This is one of a suite of measures we are deploying to protect the service from cyber-attack.”

This move comes two weeks after MPs demanded that the government move faster to agree on financial plans for cybersecurity in the health service. The Public Accounts Committee gave it a June deadline for them to come up with an estimate on the costs.

Cybersecurity Events at Whitehall Media

Enterprise Cybersecurity (ECS) UK and Europe is the place for all news and networking opportunities within cybersecurity sector. Whether you are offering cybersecurity services, or you are searching for the best cybersecurity products for your business, our ECS conferences can offer all you need to help your business thrive and succeed. Get in touch with Whitehall Media today to find out more.