Question to the Department of Health and Social Care:

To ask His Majesty's Government, further to their policy paper A cyber resilient health and adult social care system in England: cyber security strategy to 2030, published on 22 March 2023, what progress they have made in aligning cyber resilience standards within the different organisations of the healthcare sector; how many extra staff will be needed to undertake this; and what is their target date for completion.

We are increasing cyber resilience across the National Health Service. Over £338 million has been invested to date, and in March 2023 the Cyber security strategy for health and social care: 2023 to 2030 was published, outlining ambition in this area. The new Government are delivering the Cyber Improvement Programme, from 2022/23 to 2024/25, that addresses the changing cyber risk landscape, expands protection and services, and reduces the risk of a successful attack across the healthcare sector.

Health and care providers continue to demonstrate alignment to the cyber resilience standards through the Data Security Protection Toolkit submission, supported by the Cyber Improvement Programme.

Work continues to be delivered to meet the 2030 target, including a suite of work to develop and grow the cyber workforce in an evolving threat environment. The programme is looking to further strengthen existing national cyber security controls for health and care, which already includes continuous cyber monitoring through NHS England’s Cyber Security Operations Centre, national-scale defences from cyberattack, such as Secure Boundary, and nationally provided cyber incident response contracts in the event of a cyber incident.