Question to the Department of Health and Social Care:

To ask the Secretary of State for Health, what assessment he has made of the adequacy of IT security systems within NHS trusts.

Cyber resilience in the health and care system is an issue that the Government takes very seriously.

My Rt. hon. Friend the Secretary of State for Health commissioned Dame Fiona Caldicott, the National Data Guardian, and the Care Quality Commission to review data security in September 2015. These reviews were published in July 2016 and identified the need for steps to be taken to protect health and care systems against cyber attack. Both the National Data Guardian and the Chief Executive of the Care Quality Commission wrote to National Health Service trusts highlighting key steps they needed to take to improve cyber security. We will be replying to their report shortly.

Following the 12 May 2017 ransomware attack, the Chief Information Officer for health and care is undertaking a review into the attack which is expected to conclude in the autumn.

That review will provide an assessment of what actions are required to mitigate the risk and impact of a future cyber attack on the NHS, looking in particular at infrastructure, incident response and resilience, and ensuring that this learning is widely shared across all parts of the healthcare system.