NHS deploys Microsoft threat detection service on just 30,000 devices

That's only 2% of Blighty's health service PCs

By Paul Kunert

Posted in Security, 24th January 2018 16:34 GMT

Updated NHS Digital has yet to explain why it has taken months to roll out Microsoft's Enterprise Threat Detection Service (ETDS) to only about two per cent of the UK health service's targeted installed base.

The ETDS element was included in a custom support agreement that covers all NHS orgs in the UK under a framework penned in August following the crippling WannaCry attack in May.

Today, NHS Digital – the body that oversees information technology provided to the sector – told us the use of Microsoft's service will give its techies cyber alerts designed to reduce the chance of a major breach or malware infection, and remediation advice should nasties get through.

It said the service contract followed a pilot with NHS Digital and Blackpool Teaching Hospitals Foundation Trust. ETDS has so far been deployed on "over 30,000 machines" and will "eventually" cover up to 1.5 million devices within healthcare across hospital trusts and GP practices.

ETDS is just one area of the framework the NHS signed last summer: it provides patches and updates for devices across the sector running various flavours of Windows including XP, Server 2003 and SQL 2005. It runs until summer 2018.

The agreement followed the unwelcome news last summer that at least 81 of the 236 NHS Trusts in England were among institutions across the globe that were hit by WannaCry.

The National Audit Office reported on the attack in October and said the UK health service could have defended itself "if only it had taken simple steps to protect its computers". The full extent of financial cost remains unquantified.

The Department of Health failed to agree a working process with NHS England to secure computer and medical kit in the event of a cyber attack, meaning "patients and NHS staff suffered widespread disruption, with thousands of appointments and operations cancelled".

Specifically, 19,494 appointments were shelved and this included 139 patients that had had "an urgent referral for potential cancer cancelled".

The Register asked NHS Digital to detail the cost of the ETDS bought from Microsoft, the cost of the overall year-long framework, why ETDS has only reached 30,000 machines, and if the procurement heads considered alternative suppliers. We were told answers would arrive by the day's end.

The Department for Health and NHS England are so far yet to respond to our request for comment last week, when the team behind an open-source Linux project called it a day, citing a lack of support for their work and little appetite among some senior healthcare officials to treat their addiction to Microsoft products and services.

For what it's worth, Dan Taylor, director of security (and clearly a corp-speak expert) at NHS Digital, said: "It is our role to alert organisations to known cybersecurity threats and advise them of appropriate steps to minimise risks; this marks a step change in our capability to provide high quality, targeted alerts to allow organisations to counter these threats and ensure patients' needs continue to be met."

Er, well said, that man.


NHS Digital has made contact to say it was unable to comment on the amount of money spent on the custom support agreement with Microsoft due to "commercial sensitivity". ETDS is just one element of this agreement.

The PR rep added that the deployment on 30,000 devices marked the "system-wide rollout, following a successful trial period".

"The capability needs to be rolled out gradually by each individual organisation across their own IT infrastructure." This was due to the "complex nature and scope of rolling out such programmes". ®
