The Government has published a new cyber security strategy aimed at protecting the NHS from attacks to vital infrastructure and systems.
Technology is transforming how people access health and care services and information. Over 40 million people now have an NHS login, helping them book appointments, track referrals and order medications online. Over 50% of social care providers now use a digital social care record, helping staff share vital information about the people they care for. As digital systems are adopted to improve health and care services for people across the country, it is vital the health and care sector has the tools it needs to better protect patients’ information.
The cyber security strategy aims to ensure health and adult social care organisations across England are set up to meet the challenges of the future, from identifying areas in the sector which are most vulnerable, to better utilising resources and expertise across the country to defend against cyber attacks.
Health Minister Lord Markham said: "We’re harnessing the power of technology to deliver better, safer care to people across the country - but at the same time it’s crucial we’re also bolstering the defences of our health and care services. This new strategy will be instrumental to ensure every organisation in health and adult social care is set up to meet the challenges of the future.
"This is an important step to ensure we’re building an NHS which is sustainable and fit for the future, with patients at the centre. The health and social care sector has made good progress in recent years, by using the increasing number of cyber defence and response tools it has at its disposal. The sector is now much better protected from attacks than it was at the time of the WannaCry cyber attack in 2017."
NHS trusts now benefit from a direct link to NHS England’s Cyber Security Operations Centre (CSOC), providing real-time protection of any suspicious activity to approximately 1.7 million devices across the NHS network. Around 21 million malicious emails are also blocked every month.
The vision includes 5 key pillars to minimise the risk of cyber attacks and other cyber security issues, and to improve response and recovery following any incidents across health and social care systems including for adult social care, primary and secondary care. This includes:
- identifying the areas of the sector where disruption would cause the greatest harm to patients, such as through sensitive information being leaked or critical services being unable to function.
- uniting the sector so it can take advantage of its scale and benefit from national resources and expertise, enabling faster responses and minimising disruption.
- building on the current culture to ensure leaders are engaged and the cyber workforce is grown and recognised, and relevant cyber basics training is offered to the general workforce
- embedding security into the framework of emerging technology to better protect it against cyber threat
- supporting every health and care organisation to minimise the impact and recovery time of a cyber incident
A full implementation plan will be published in summer 2023 setting out detailed activities and defining metrics to build and measure resilience over the next 2 to 3 years.
National cyber security teams will also work closely with local and regional health and care organisations to achieve the visions and aims of the strategy. This work will include enhancing the NHS England CSOC, publishing a comprehensive and data-led landscape review of cyber security in adult social care, and updating the Data Security and Protection Toolkit (DSPT) to empower organisations to own their cyber risk.