Health secretary announces investments in cybersecurity, including pledge to install Windows 10 across the board by 2020

The government has signed a £150m deal with Microsoft to improve the cybersecurity of the NHS.

The contract includes provisions to make sure that “all health and care organisations are using the latest Windows 10 software with up-to-date security settings”. It is understood that all NHS organisations must migrate machines running previous versions of the operating software to Windows 10 by 14 January 2020 – the date on which Microsoft will cease support for Windows 7.

Following last year’s WannaCry ransomware attack, the NHS faced criticism for the fact that many trusts still had at least some computers running on XP. At the time, the NHS said that 4.7% of machines were still using the software – which was released in 2001.

Microsoft stopped supporting XP in 2014, but the government agreed a £5.5m deal with the software giant to maintain support for the numerous UK public sector customers still using the software. Since this deal expired in 2015, XP machines have been unsupported.

Related content

• Government’s lack of action on WannaCry is ‘alarming’ – PAC
• ‘Like swimming in a pool of sharks’ – less than one in 4,000 Met Police PCs running latest version of Windows
• NAO says preventable WannaCry damage shows DoH and NHS must ‘get their act together’

In addition to rolling out Windows 10 across the NHS, the £150m deal includes £21m to upgrade firewalls and other network hardware, and £39m to help trusts eliminate “weaknesses” in their IT infrastructure.

Healthcare providers will also be required to comply with 10 security standards laid out in a “data security and protection toolkit”. 

The NHS is also to implement a text message alert system, so information is available to trusts even if internet and email services are disconnected.

Health and social care secretary Jeremy Hunt said: “We know cyberattacks are a growing threat, so it is vital our health and care organisations have secure systems which patients trust. We have been building the capability of NHS systems over a number of years, but there is always more to do to future-proof our NHS against this threat. This new technology will ensure the NHS can use the latest and most resilient software available – something the public rightly expect.”

Sarah Wilkinson, chief executive of NHS Digital, added: “We welcome the secretary of state’s commitment to prioritise cybersecurity. The new Windows operating system has a range of advanced security and identity-protection features that will help us to keep NHS systems and data safe from attack. This is one of a suite of measures we are deploying to protect the service from cyberattack.”