NHS: Cybersecurity

Lord Patel Excerpts
Wednesday 2nd May 2018

(6 years, 7 months ago)

Lords Chamber
Read Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord O'Shaughnessy Portrait Lord O'Shaughnessy
- Hansard - - - Excerpts

My noble friend makes an excellent point. Not only is it critical that data is joined up for direct care—quite rightly, patients are amazed when that does not happen—it is an absolutely essential resource for research into new treatments. One thing we are doing to try to provide that reassurance to the public, which has not always been there, is introducing a new data opt-out at the end of this month to provide that reassurance for patients who do not want to be part of it. We are focused on providing that resilience and security so that they can be confident that, when the NHS holds their data, it uses it securely, safely and legally.

Lord Patel Portrait Lord Patel (CB)
- Hansard - -

My Lords, one of the lessons learned following the WannaCry attack was that the weakest links in the NHS had to be identified. The Minister has already referred to the upgrading of software that was found to be weak. What work is being done to identify other areas in the NHS that would be open to cyberattacks?

Lord O'Shaughnessy Portrait Lord O'Shaughnessy
- Hansard - - - Excerpts

The noble Lord makes an excellent point. One thing we are now doing is more intelligence-led penetration testing based on work that the Bank of England does, which is to probe in a safe way any weaknesses and to make sure that they are dealt with. The CQC has also added data security to its well-led criteria for inspections. We have now demanded that a board member of each trust takes responsibility for cybersecurity. Indeed, for a trust to be rated as well led, it has to demonstrate that competence.