NHS Digital has announced a plan to integrate NHS internal emails with the Microsoft Office 365 suite, sharing data across the two platforms in an attempt to protect NHS information from cyberattacks.
The company, which provides IT systems for NHS services, will begin by enabling NHS staff to log in to Microsoft Office programs using their NHSmail credentials, and will provisionally finish with a full integration of the two services by August 2018.
“It means information can be more readily and securely shared between health and care organisations, and teams can collaborate more easily,” said Neil Bennett, service director for NHS Digital.
“Ultimately it will enable NHS staff to access multiple applications and services using their NHSmail username and password, making their job easier. This benefits patients because it makes the NHS more efficient and they can be assured that their confidentiality continues to be strictly maintained.”
The announcement follows uncertainty regarding the quality of the NHS’s cybersecurity defences in recent months. Following the WannaCry ransomware attacks in May 2017 that affected over 80 hospital trusts and affected over 600 primary care organisations, 6,900 appointments were cancelled. NHS Digital Deputy CEO Rob Shaw also announced this month that all 200 NHS trusts in the country failed their cybersecurity assessments, both before and after the attack.
“The amount of effort it takes from NHS providers in such a complex estate to reach the cyber essentials plus standard that we assess against per the recommendations in Dame Fiona Caldicott’s report, is quite a high bar,” said Shaw.
Dan Taylor, head of security at NHS Digital, identified the presence of older software that had not been updated, and the service’s focus on patients over cybersecurity, as contributing factors to the intensity of the attack. “The problem with health and care is, security is not their business, the patient is,” he said. “The problem is, that’s not how the health service works any more. The health service works because technology enables it.”
By moving towards a cloud platform reinforced by Microsoft, NHS data may be less vulnerable to similar attacks in the future. Data on the Microsoft Office cloud is encrypted, and is not given out to advertisers to tailor adverts to individual users, restricting access to patient data.
The government has also diverted £21 million from the Personalised Health and Care 2020 programme from ambulance trusts and trauma centres to cybersecurity, and has set aside £150 million to improve the NHS’s defences.