Question to the Department of Health and Social Care:
To ask the Secretary of State for Health and Social Care, with reference to the recent suspected ransomware attack on a hospital in Dusseldorf, what assessment he has made of the NHS’s ability to withstand a cyber attack.
Thanks to over £250 million of investment nationally by 2021, the cyber maturity and security posture of National Health Service organisations has increased over the past three years and continues to do so. Cyber attacks, including ransomware attacks, remain a major risk for the NHS and the cyber programme we have implemented has a strong focus on managing that risk.
We are using the Data Security and Protection Toolkit (DSPT) to assess cyber security performance at an organisation level, and this information is collated nationally to help inform policy and investment decisions. The DSPT helps organisations understand their data and cyber security risks and encourages the inclusion of cyber security in business continuity planning.
We are also helping NHS organisations increase their preparedness to recover from successful cyber attacks. During the COVID-19 response period, we have put in place additional cyber security protection for the NHS, including additional incident response capacity, a rapid remediation programme, and enhancements to the NHS Digital Cyber Security Operations Centre to increase monitoring.