Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, what recent assessment he has made about the readiness of the NHS to tackle co-ordinated cyber attacks.

In the past year, we have invested £37.6 million across health and social care, building on the £338 million invested since 2017. Through our ambitious Cyber Improvement Programme, we are tackling the changing cyber risk head-on, expanding protection and services to better protect the health and care system.

NHS England’s Cyber Operations team provides 24/7 monitoring and expert support to National Health Service organisations who have been impacted by cyber-attacks. This includes specialist, on the ground, certified incident response services free of charge to NHS organisations who have been severely impacted by cyber incidents as well as technical and operational support to contain, investigate, and remediate incidents. Furthermore, we have developed guidance for leaders involved in cyber incidents to ensure there is a clear policy and process for how to respond across all elements of incidents.

We have a process in place to identify lessons and implement improvements following cyber incidents. Following the Synnovis cyber-attack in 2024, the Department and NHS England have made improvements to critical communications processes, added additional measures to improve resilience in the supply chain, and have set out clearer roles and responsibilities in incident management.

In 2023, a Health and Care Cyber Security Strategy was launched. Pillar 5 of the strategy focuses on exemplary response and recovery, as set out in the strategy health and care organisations should run annual cyber exercises to ensure there is a well-practiced and rapid response when incidents do occur.