Chris Mountford, account director and head of public sector at Stone Group, discusses the importances of keeping NHS IT systems up to date.
In the modern day, it would be hard to find a bank or accountancy firm that was running an outdated Operating System (OS). This is because businesses holding sensitive data need to keep their IT infrastructure as up to date as possible, as it provides better protection against potential security breaches or threats.
Former Department of Health and Social Care minister Jackie Doyle-Price revealed earlier this year during a parliamentary question, that out of the 1.37 million PCs being used in the NHS, 76% of these devices still run Windows 7. The NHS is clearly under a lot of pressure, which undoubtedly limits its access to cutting-edge technology. However, this revelation left many questioning if this was one corner which should not be cut, considering that it is responsible for an abundance of sensitive patient data for the majority of the UK.
The reason this is a cause for concern is because after January 14th 2020, Windows 7 will no longer be supported by Microsoft, meaning that it will no longer be offering any further security updates or vulnerability patches to any PCs running the incumbent software. Not only does this mean that many trusts face being reliant on devices still lagging on outdated software, it leaves huge security gaps, exposing them to malicious attacks and patient data breaches.
However, with funding always a consideration for healthcare providers, how can a trust balance the books whilst ensuring its patients data is entirely secure?
Delaying updates has consequences
The WannaCry attack of 2017 caused chaos for the entire UK network of primary and secondary care providers. This is when it first came to light that out-of-date software was a major contributing factor to the NHS’ weakened security defences, due to patches no longer being available for systems running outdated versions of Windows.
If an NHS organisation fails to update its software ahead of the deadline set by Microsoft, the consequences could mean another equally disruptive attack that could put patient data at risk, or once again expose devices to ransomware, shutting them down entirely. Some trusts have already upgraded, ensuring their infrastructure is secure, but others have yet to take the initiative.
A less urgent problem with outdated software, but as equally as damaging to productivity, is the risk of devices slowing down and functioning poorly, causing difficulties when support for their system is withdrawn.
The benefits of a fully updated system
As a result, a fully updated OS should be a priority for all healthcare providers due to its strengthened ability to protect data, but there are other benefits. Following on from the popular Windows 7, Windows 10 offers options of data storage both on site and through the cloud. This choice will let trusts safely store data off site, while not forcing them to abandon an on-site system.
Windows 10 can even enhance efficiency, with new tools and features designed to streamline processes and help users become more productive. NHS trusts are constantly working towards increased efficiency on the resources they have, and fully updated devices will provide tools that can enable further progress.
And, when it comes to updates, trusts can be reassured of the guaranteed protection that will no longer be available to Windows 7 users after January.
Making the transition easier
The easiest solution is an upgrade of current devices and software. Realistically, this isn’t always a viable solution when budgets are tight. There are however other options, such as refurbished devices that come pre-installed with Windows 10, negating the need to go through a full software upgrade and leasing programmes.
Finding a good IT provider or partner to guide you through the transition is paramount. While the government may install an upgrade for your trust, there are companies that can take charge of installation, upgrades, maintenance and provide warranty on devices. A complete service ensures safety of data, and means that devices are always working to the highest standard, and seamlessly functioning for NHS staff – which ultimately means they can provide a better service to patients.
Within NHS IT, protection of patient data is vital, and this can’t happen on outdated devices. Trusts can stay ahead of the game by preparing to update their systems ahead of the deadline in January, and can go one step further by bringing in new devices that come with pre-installed software – simultaneously refreshing IT equipment and ensuring absolute protection. Equally, staff must be taught the importance of this when it comes to the care of their patients. It makes the difference between defending against an attack like WannaCry, and being one step ahead and avoiding it altogether.