The Safety and Sustainability of the Cloud Within the NHS

Published 2/5/2019 by Ric Thompson, Managing Director, Health & Care, Advanced

It cannot be ignored that the NHS is facing unprecedented pressures on its services. Embracing new technologies to handle this has become a focus for the decision-makers working in healthcare. Technology adoption was one of the key aims set out in the Government’s NHS 5 Year Forward View, published in 2014. This has continued into the NHS Long Term Plan that was released in January 2019. It is clear in the latest plan that the pressure to ‘do more with less’ is going to continue, with services being aggregated in ways that demand the support of future-proof technologies. However, none of this inisistance makes taking digitally transformative steps any less daunting.

One of the new technologies becoming more prominent within the NHS is the Cloud. This is particularly because Cloud adoption works well as a way to outsource aspects of your IT management to IT specialists. Also, only what is used is paid for because servers can be turned on and off as services demand them, meaning Trusts are only charged for what is used. This scalability, cost-effectiveness and specialist support is ideal for the NHS. A description like this makes it clear how Cloud technology can benefit the work of the NHS. However, could it have prevented the ransomeware attack ‘Wannacry’ that occurred because cybercriminals were able to maliciously manipulate software code? Can Cloud services and solutions providers be trusted with the personal data that our NHS deals with every day?

On 12 May 2017, three days of attack began. ‘WannaCry’, a type of ransomware that exploited a flaw in the Microsoft Windows’ Server Message Block protocol, encrypted files in affected machines in over 150 countries. To retrieve the files, a ransom was demanded. The attack was brought to an end by the discovery of a killswitch and emergency patching issued by Microsoft. It is thought that what made Windows-running machines so susceptible was that they had not been updated to the latest operating system (OS) or security add-ons. To combat this, Microsoft’s patching efforts included updates for Windows XP, Vista, Windows 7 and Windows 8. Had systems been using the latest technology, ‘WannaCry’ could have been prevented.

Cloud technology can be consumed in a range of amounts, with your technical responsibility decreasing the more you consume. If you adopt an Infrastructure or Platform-as-a-Service approach, then the responsibility of your applications data and operating system (OS) sit with yourself. You must update your applications and OS, as well as cleanse, track and securely manage your data. If you adopt a SaaS model, then all of this is outsourced to expert Cloud IT Services providers. In doing this, your technology is kept secure, up-to-date and in support due to it being an expert’s responsibility. Taking steps such as these can effectively help prevent opportunistic attacks such as ‘Wannacry’. In January 2018, almost a year after the attack, NHS Digital published guidance to set clear expectations for health and care organisations wishing to consume Cloud technology:

"It is for individual organisations to decide if they wish to use Cloud and data offshoring but there are a huge range of benefits in doing so, such as greater data security protection and reduced running costs when implemented effectively. The guidance being published today will give greater clarity about how these technologies can be used and how data, including confidential patient information, can be securely managed."
Rob Shaw, Deputy Chief Executive at NHS Digital

Cloud, with its benefits including cost-efficiency, scalability and the peace of mind that comes with trusting technology experts with your digital workload is clearly encouraged for the NHS. It makes sense. The vast majority of  healthcare professionals are not specialists in Cloud technology, nor should they be; however, companies such as Advanced are. By working closely with knowledgable IT specialists, the care of those most in need in the UK can be expertly supported by digital solutions that can be trusted. This does not negate the fact that the stringent security measures implemented across the sector must still be met.

This is where Public Sector procurement frameworks have become so useful. These frameworks are in place to support IT decision-makers when they are choosing which companies they can trust to provide the technology their organisation needs. Advanced appear on Crown Commercial Services 2 RM3804 framework, G-Cloud 10, and are connected to the Health and Social Care Network. This means that our IT services and solutions have been recognised as compliant with the rigorous standards of the Public Sector, including the NHS. We are currently supporting organisations from across the NHS, including Worcestershire Acute Hospitals NHS Trust, Royal Devon and Exeter NHS Foundation Trust, George Eliot Hospital NHS Trust and NHS Scotland , providing technology that securely meets their needs.

Our Cloud services and SaaS solutions cover the NHS, from device to data centre and into the Cloud. We can streamline  processes, improve  strategies, deliver cost-efficiencies and provide a secure place from which products and services can be procured. With our 2018/19 Trends Survey revealing that 37% of Public Sector employees want to see Cloud services in their daily working lives, adopting Cloud-based applications can be a great way to begin the digital transformation journey. New technologies may seem daunting to adopt, but the Cloud is here to stay – and there are many benefits to be had for the NHS.

Find out more about our solutions on our website: Spend Management / Public, Private Cloud & Managed IT Services