NHS: ICT
(asked on 15th March 2018) - View Source
Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, what steps his Department has taken to improve the security of the IT systems in the NHS since the cyber attack of May 2017.
Since the WannaCry cyber attack, the Department has taken a number of further actions, building on a programme of work led by the Department working with its arm’s-length bodies since 2010. These actions are described below:
- The Department’s Data Security Incident Response Plan reviewed. System-wide Data and Cyber Security Operations Playbook developed - June 2017;
- Customer Support Agreement with Microsoft - June 2017;
- The Department’s response to National Data Guardian Review was published including cyber security plans - July 2017;
- NHS Digital published unsupported systems guidance - July 2017;
- E-learning package launched for National Health Service staff - July 2017;
- Data security now part of the Care Quality Commission’s (CQC’s) assessments of well led NHS trusts. General practitioners and adult social care providers followed in November - September 2017;
- 2017/18 Data Security and Protection Requirements published - October 2017;
- Text messaging relay service launched - November 2017;
- First health cyber-attack simulated table top exercise - December 2017;
- 34 of our major trauma centres and ambulance trusts completed on-site assessments - December 2017;
- 190 organisations completed on-site assessments - January 2018;
- Additional £25 million funding secured to support major trauma centres and ambulance trusts with their critical infrastructure - January 2018;
- Initial £150 million identified via reprioritisation across NHS IT portfolio to continue investment in local infrastructure and national systems and services to improve monitoring, resilience and response - January 2018;
- 100% of NHS trusts and Commissioning Support Units signed up to CareCERT Collect - January 2018;
- New Cloud guidance published - January 2018;
- New CQC unannounced cyber security inspections pilot started - February 2018; and
- All major trauma centres and ambulance trusts completed on-site assessments - February 2018.
These actions are further described in ‘Securing cyber resilience in health and care: A progress update’ published by the Department on 1 February 2018 which can be accessed at the link below: