Microsoft mono-culture ‘putting NHS at risk of cyber attack’

The NHS’ reliance on Microsoft could be putting the organisation’s computer systems at risk of another major cyber security attack, according to a royal college IT lead.

Chair of the Royal College of GP’s Health Informatics Group Dr Marcus Baw told HSJ that having this kind of “monoculture” leaves the NHS open to IT bugs “which move through the system instantly”. He stressed these are his personal views, and not those of the RCGP.

In June NHSX announced a major deal with Microsoft to provide IT services across the NHS, including Microsoft Teams - which had been rolled out to support home working during lockdown.

However, Mr Baw said more variety in computer systems used by the NHS could potentially stop an IT bug in its tracks. This would prevent another WannaCry style ransomware attack, which affected dozens of NHS trusts in the UK in 2017, as it moved rapidly through Microsoft computer systems.

He told HSJ: “The main risk is if you have a massive in-store base that exclusively uses Microsoft then you have no option but to continue using Microsoft.

“The main risk, from a value for money point of view, if Microsoft said we’re increasing our prices and they are going to triple then we would have no option but to pay it.

“The other aspect is a monoculture leaves you wide open to system wide threats, which would go through the system instantly.

“So for example WannaCry was able to transmit itself through the server message block system which is a Microsoft system. Microsoft mono-culture ‘putting NHS at risk of cyber attack’ | News | Health Service Journal