NHS: Cybersecurity Debate
Full Debate: Read Full DebateDepartment: Department of Health and Social Care
Lord Patel
Main Page: Lord Patel (Crossbench - Life peer)Department Debates - View all Lord Patel's debates with the Department of Health and Social Care
(6 years, 6 months ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord O'Shaughnessy
My noble friend makes an excellent point. Not only is it critical that data is joined up for direct care—quite rightly, patients are amazed when that does not happen—it is an absolutely essential resource for research into new treatments. One thing we are doing to try to provide that reassurance to the public, which has not always been there, is introducing a new data opt-out at the end of this month to provide that reassurance for patients who do not want to be part of it. We are focused on providing that resilience and security so that they can be confident that, when the NHS holds their data, it uses it securely, safely and legally.
Lord Patel (CB)
My Lords, one of the lessons learned following the WannaCry attack was that the weakest links in the NHS had to be identified. The Minister has already referred to the upgrading of software that was found to be weak. What work is being done to identify other areas in the NHS that would be open to cyberattacks?
Lord O'Shaughnessy
The noble Lord makes an excellent point. One thing we are now doing is more intelligence-led penetration testing based on work that the Bank of England does, which is to probe in a safe way any weaknesses and to make sure that they are dealt with. The CQC has also added data security to its well-led criteria for inspections. We have now demanded that a board member of each trust takes responsibility for cybersecurity. Indeed, for a trust to be rated as well led, it has to demonstrate that competence.