NHS: Cybercrime

(asked on 3rd September 2018)

Question to the Department of Health and Social Care:

To ask the Secretary of State for Health, what changes have been made to NHS (a) IT systems and (b) cyber security since the cyber attack in May 2017.


Answered by
Jackie Doyle-Price
This question was answered on 11th September 2018

The National Health Service is putting in place robust measures to protect IT systems against cyber-attacks. Since May 2017 the Government has invested £60 million to support NHS providers to improve their security position, with a further £150 million pledged up until 2021 to improve the NHS’s resilience against attacks.


The Department published its progress report in February 2018 entitled ‘Securing cyber resilience in health and care: progress update’. The report is available at the following link:

https://www.gov.uk/government/publications/securing-cyber-resilience-in-health-and-care-progress-update

Key actions taken since February 2018 include:

- signing a Windows 10 licensing agreement with Microsoft which will allow local NHS organisations to save money, reduce potential vulnerabilities and help increase cyber resilience;

- enhancing the capability of the Cyber Security Operations Centre, boosting the national capability to prevent, detect and respond to cyber-attacks through the procurement of IBM as a specialist partner;

- launching the Data Security and Protection Toolkit which provides an accessible dashboard enabling trusts to track their progress in meeting the 10 Data Security Standards;

- agreeing plans to implement the recommendations of the Chief Information Officer for Health and Care’s review of the May 2017 WannaCry attack;

- providing specialist face-to-face security training (System Security Certified Practitioner - SSCP) for over 100 staff; and

- in May 2018 the Network and Information Security Regulations came into force, which require operators of essential services (including some NHS healthcare providers) to put appropriate security measures in place and to report significant incidents that occur.
