Work is underway in parallel to determine the fastest and most cost effective way to support the NHS to move from unsupported operating systems, including Windows XP.

The NHS contract has been changed so that NHS organisations are formally required to adopt data security standards as recommended by the independent National Data Guardian for Health and Care, including:

  • security training for staff
  • annual reviews of processes
  • extensive contingency plans to respond to threats to data security

Health Minister Lord O’Shaughnessy said:

The NHS has a long history of safeguarding confidential data, but with the growing threat of cyber-attacks including the WannaCry ransomware attack in May, this government has acted to protect information across the NHS.

Only by leading cultural change and backing organisations to drive up security standards across the health and social care system can we build the resilience the NHS needs in the face of a global threat.