NHS: Cybercrime

(asked on 6th September 2017) - View Source

Question to the Department of Health and Social Care:

To ask the Secretary of State for Health, what steps his Department has taken to improve the security of NHS passwords since the WannaCry cyber attack in May 2017.


Answered by
Jackie Doyle-Price Portrait
Jackie Doyle-Price
This question was answered on 11th September 2017

The global WannaCry cyber attack in May 2017 has reaffirmed the potential for cyber incidents to impact directly on patient care and the need for our health and care system to act decisively to minimise the impact on essential front-line services. Weak passwords were not a vulnerability exploited in the WannaCry attack.

Passwords are one element of ensuring the cyber security of National Health Service organisations, and improving them is part of a wider set of standards as introduced in the Government’s response Your Data: Better Security, Better Choice, Better Care published on 12 July 2017. The Government’s response accepts the 10 Data Security Standards recommended by the National Data Guardian. A copy of the response is available at the following link:

https://www.gov.uk/government/news/government-responds-on-cyber-security-and-data

The NHS contract has been changed so that NHS organisations are formally required to adopt data security standards including security training for staff and annual reviews of processes.

NHS Digital is supporting local organisations to strengthen cyber security by sharing best practice across the health and care system and carrying out on-site assessments.

Reticulating Splines