NHS to spend £150m to protect against ‘growing threat’ of cyber attacks

The health service has announced plans to spend £150 million on cyber security over the next three years (PA)

The NHS is to spend £150 million on cyber security to protect it from attacks such as last year’s WannaCry incident.

The Department of Health and Social Care has signed a new contract with Microsoft to enhance security intelligence, with individual trusts having the ability to detect threats, isolate infected machines and kill malicious processes before they are able to spread.

The move was announced by Health and Social Care Secretary Jeremy Hunt, who described cyber attacks as a “growing threat”.

The new security package will ensure all health and care organisations can use the most up-to-date software with the latest security settings.

The measures mean that health and social care services regulator the Care Quality Commission (CQC) will have new powers to inspect NHS trusts on their cyber and data security capabilities.

The deal is the latest in a series of measures to strengthen cyber security in the NHS since the WannaCry attack in May last year, which saw data on infected computers encrypted and users issued with a ransom demand to unlock their devices.

A total of 80 of 236 NHS trusts across England suffered disruption because they were either infected by the ransomware or had turned off their devices or systems as a precaution. The ransomware infected another 603 NHS organisations including 595 GP practices.

The health service was forced to cancel almost 20,000 hospital appointments and operations as a result and five A&E departments had to divert patients to other units.

Since last year the Government has invested £60 million to address key cyber security weaknesses.

The new measures include the setting up of a new NHS Digital Security Operations Centre, which will allow NHS Digital to improve near real-time capability to respond to cyber attacks to reduce the impact of an attack on NHS infrastructure.

Cyber security will also be boosted by a £21 million upgrade to firewalls and network infrastructure at major trauma centre hospitals and ambulance trusts, which will improve security and protect technology such as MRI scanners and blood test analysis.

A further £39 million has been spent this year by NHS trusts to help them address infrastructure weaknesses which prevented them from stopping previous cyber alerts.

A text messaging alert system is also in place to ensure trusts have access to accurate information even if internet and email services are down.

Mr Hunt said: “We know cyber attacks are a growing threat, so it is vital our health and care organisations have secure systems which patients trust.

“We have been building the capability of NHS systems over a number of years, but there is always more to do to future-proof our NHS against this threat.

“This new technology will ensure the NHS can use the latest and most resilient software available – something the public rightly expect.”

Health minister Lord O’Shaughnessy said: “Patient data must be properly protected and this significant investment will help to keep our systems resilient and up-to-date.

“This will give patients greater confidence in how their information is managed by the NHS.”

Sarah Wilkinson, chief executive at NHS Digital, said: “We welcome the Secretary of State’s commitment to prioritise cyber security.

“The new Windows Operating System has a range of advanced security and identity protection features that will help us to keep NHS systems and data safe from attack.”