NHS: Cybercrime

(asked on 15th May 2019) - View Source

Question to the Department of Health and Social Care:

To ask the Secretary of State for Health and Social Care, how much the National Health Service spent on cyber security in each of the last five years.


Answered by
Jackie Doyle-Price Portrait
Jackie Doyle-Price
This question was answered on 24th May 2019

The information requested on cyber spending covers sensitive detail about cyber security investment for the National Health Service. In this instance, releasing this information at the level of any annual breakdown may assist in determining the effectiveness of detecting cyber-attacks on the NHS, and could compromise measures to protect NHS IT systems, leaving them vulnerable to future cyber-attacks.

However, in total, over £250 million will have been invested nationally to improve the cyber security of the health and care system between 2016 and 2021. This excludes both investment by local organisations, and wider national IT investment which supports better security such as Microsoft licensing for NHS organisations.

Regarding the steps taken to defend against cyber attacks on the NHS, the active cyber defence of NHS organisations is a local responsibility for each organisation to carry out. However, there is national support and practical guidance available to NHS organisations which is primarily delivered by NHS Digital but supported and prioritised for the highest risk organisations by NHS England and the Department. In the event of national-scale incidents that affect many health and care organisations, NHS Digital plays a vital role in coordinating and ensuring appropriate technical remediation, as part of the wider cross-system cyber security response led by the Department.

Reticulating Splines