Jackie Doyle-Price, Parliamentary Under Secretary of State at the Department of Health, recently admitted that the NHS is still using approximately 2,300 computers that are running Windows XP but also said that they form only 0.16% of NHS' IT infrastructure.
In May 2017, shortly after the WannaCry ransomware attack struck NHS organisations, inflicting losses of around £92 million and impacting 81 out of 236 trusts across England as well as 603 primary care and other NHS organisations, including 595 GP practices, Health Secretary Jeremy Hunt promised that the use of Windows XP in NHS institutions would be eliminated by March 2018.
In response to the WannaCry attacks, the Department of Health and Social Care (DHSC) initially invested £60 million to address key cyber security weaknesses in NHS hospitals and GPs and promised to spend a further £150 million over the next two years.
Shortly thereafter, NHS Digital entered into a three-year strategic partnership with IBM to provide a range of services to healthcare organisations and to enhance NHS Digital’s capability to monitor, detect and respond to a variety of security risks and threats across the NHS.
NHS Digital also issued a tender valued between £700,000 and £850,000 for the creation of a cyber design authority team to support expanded data security centre responsibilities. It also issued a tender worth between £1.5 million and £1.65 million for the supply of a Project Management Office (PMO) and a Security Demand & Supply Management (SDSM) Team that would support an expanded Data Security Centre.