Story image

NHS signs £150m cybersecurity deal with Microsoft – but is it enough?

03 May 18

​News has emerged of NHS finally bolstering its defences in light of the ‘growing threat’ of cyberattacks.

NHS has signed a deal with Microsoft worth £150 million to upgrade its security systems.

This comes almost a year after the fiasco caused by the WannaCry virus where at least 80 health trusts and 603 NHS organisations and GP practices were disrupted by the global ransomware attack, causing the cancellation of around 20,000 hospital appointments and operations with ambulances being diverted from some A&Es.

Since 2017 the government says it has invested £60 million to address these issues, so the additional £150 million to be spent over three years will be a big boost.

Health and Social Care secretary Jeremy Hunt says the investment will enhance security intelligence to give individual trusts the ability to detect threats, isolate infected machines and kill malicious processes before they can spread.

“We know cyber attacks are a growing threat, so it is vital our health and care organisations have secure systems which patients trust,” says Hunt.

“We have been building the capability of NHS systems over a number of years, but there is always more to do to future-proof our NHS against this threat. This new technology will ensure the NHS can use the latest and most resilient software available – something the public rightly expect.”

However, Skybox Security director Peter Batchelor argues the problem can’t just be fixed by throwing money at it. The first step, Batchelor says, should start from a goal of assuring availability of uninterrupted medical services, and cybersecurity is critical for ensuring this continuity.

“Cybersecurity for cybersecurity’s sake, including an obsession with metrics of malware blocked, isn’t appropriate when what’s of prime importance to the NHS is that patient services will not be interrupted by another cyberattack,” Batchelor says.

“Visibility of threats and vulnerabilities is key but not if it simply hands a small and overstretched team of NHS IT specialists an even longer to do list. They are desperate for practical support that tells them what the priorities are to work on immediately and automates much of the workload of closing down vulnerabilities effectively.”

Batchelor says despite the widespread criticism, NHS Digital and other stakeholders are all working incredibly hard to make NHS more secure for all of the United Kingdom.

“Their prime concern is delivering excellent medical services and outcomes for patients. Cybersecurity must serve this end but must not get in the way,” says Batchelor.

“Letting teams see and assess the risks and security priorities clearly, being able to run attack simulation on a daily/weekly basis and at the touch of a button without interrupting medical care or placing additional burden on the limited NHS IT resources, is what the NHS requires and, in our experience, is already working towards.”

AlgoSec delivers native security management for Azure Firewall
AlgoSec’s new solution will allow a central management capability for Azure Firewall, Microsoft's new cloud-native firewall-as-a-service.
How to configure your firewall for maximum effectiveness
ManageEngine offers some firewall best practices that can help security admins handle the conundrum of speed vs security.
Exclusive: Why botnets will swarm IoT devices
“What if these nodes were able to make autonomous decisions with minimal supervision, use their collective intelligence to solve problems?”
Why you should leverage a next-gen firewall platform
Through full lifecycle-based threat detection and prevention, organisations are able to manage the entire threat lifecycle without adding additional solutions.
The quid pro quo in the IoT age
Consumer consciousness around data privacy, security and stewardship has increased tenfold in recent years, forcing businesses to make customer privacy a business imperative.
ForeScout acquires OT security company SecurityMatters for US$113mil
Recent cyberattacks, such as WannaCry, NotPetya and Triton, demonstrated how vulnerable OT networks can result in significant business disruption and financial loss.
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
Dropbox strengthens security with raft of new partnerships
Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.