Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, how much has been spent on improving cyber security of the health and care system in each year since 2016; and how much and what proportion of that expenditure was (a) internal and (b) on contracted suppliers.

The information requested on cyber spending covers sensitive details about cyber security investment for the National Health Service. Releasing this information at the level of any annual breakdown may assist in determining the effectiveness of detecting cyber-attacks on the NHS, and could compromise measures to protect NHS IT systems, leaving them vulnerable to future cyber-attacks.

However, in total, £338 million has been invested nationally to improve the cyber security of the health and care system between 2016 and 2023. This is core spend and excludes investment by local organisations, and wider national or local IT investment which supports better security, such as Microsoft licensing for NHS organisations.

Cyber improvement programmes will always seek to use internal resource where skillsets are available. External subject matter expertise support is brought in to support delivery where these are not available within the Department.