Asked by: Baillie, Jackie (Scottish Labour - Dumbarton)
Question
To ask the Scottish Government how the reported cyber attacks in NHS Scotland led to medical information about patients being accessed.
Answered by Gray, Neil - Cabinet Secretary for NHS Recovery, Health and Social Care
A cyber threat actor was able to gain unauthorised access to NHS Dumfries and Galloway's infrastructure during a targeted and sustained cyber-attack. As the member will understand,NHS Dumfries and Galloway's IT infrastructure contains information that includes patient's medical information.
The member may find the frequently asked questions published by NHS Dumfries and Galloway to be of use in finding further information: Cyber Attack – FAQ – NHS Dumfries & Galloway (nhsdg.co.uk) .
Jan. 23 2024
Source Page: UK and allies sanctions Russian cyber hackerFound: UK and allies sanctions Russian cyber hacker
Mentions:
1: Oliver Dowden (Con - Hertsmere) The cyber threat facing the United Kingdom is intensifying. - Speech Link
2: Nick Smith (Lab - Blaenau Gwent) Deputy Prime Minister say what is being done to onshore these critical roles to protect our economy from attacks - Speech Link
3: Jonathan Ashworth (LAB - Leicester South) Given that we are seeing more of these ransomware group attacks on public institutions across the world - Speech Link
4: Oliver Dowden (Con - Hertsmere) and that is why we have taken a range of actions, including for the first time directly attributing attacks - Speech Link
5: Oliver Dowden (Con - Hertsmere) The argument against doing so is that it could discourage companies that are subject to ransomware attacks - Speech Link
Asked by: Baillie, Jackie (Scottish Labour - Dumbarton)
Question
To ask the Scottish Government what tests of IT systems regarding their vulnerability to cyber attacks are undertaken (a) by individual NHS boards and (b) on an NHS Scotland-wide basis.
Answered by Gray, Neil - Cabinet Secretary for NHS Recovery, Health and Social Care
The Network and Information System Regulations set out standards which NHS Scotland Health Boards must comply with. Boards must test themselves against these standards which cover managing security risk, defending systems against cyber-attack, detecting cyber security events, and minimising the impact of cyber security incidents. This is in addition to mandatory information security and data protection risk/impact assessments and routine penetration testing on all major IT systems.
The NHS Scotland Cyber Centre of Excellence (CCoE), works nationally across health boards to prioritise the security capabilities of existing technologies and deployment of new tooling. This allows real time discovery of vulnerabilities and potential issues across a national view.
Asked by: Andrew Rosindell (Conservative - Romford)
Question to the Department for Education:
To ask the Secretary of State for Education, what steps her Department is taking to help tackle cyber attacks on schools.
Answered by Damian Hinds - Minister of State (Education)
Educational settings in England are responsible for maintaining their IT systems and Cyber Security. The department has a small, dedicated sector cyber security team to support this activity. This team provides appropriate guidance and advice, via regular targeted and broad communications, to help schools adhere to and maintain good cyber security standards. The department provides guidance for schools and colleges on how to help protect against a cyber incident. This guidance can be found on GOV.UK.
The department also works closely with the National Cyber Crime Security Centre (NCSC) and Joint Information Systems Committee (JISC) to ensure that up-to-date cyber security guidance is shared with schools, colleges and universities.
The department’s Risk Protection Arrangement (RPA) has more than 9,900 member schools, which represents 52% of eligible schools in England, and includes cover for cyber incidents as standard from the 2022/23 membership years. In the event of a cyber incident, RPA members have access to a 24/7 Incident Response Service.
The department’s dedicated sector cyber security function provides advice in response to cyber security enquiries and incident reports from the sector, liaising with the affected institution following an incident to advise on steps to mitigate the threat and provide guidance on recovery.
Mentions:
1: Gray, Neil (SNP - Airdrie and Shotts) has stood up the Scottish multi-agency cyber incident support arrangements. - Speech Link
2: Harper, Emma (SNP - South Scotland) Such attacks will continue to happen and will have serious consequences. - Speech Link
3: Gray, Neil (SNP - Airdrie and Shotts) We continually review and regularly audit all health boards’ cyber resilience. - Speech Link
May. 16 2024
Source Page: Improving UK cyber resilience: AI, software and skillsFound: Improving UK cyber resilience: AI, software and skills
May. 16 2024
Source Page: Improving UK cyber resilience: AI, software and skillsFound: Improving UK cyber resilience: AI, software and skills
Asked by: Lord Bishop of St Albans (Bishops - Bishops)
Question to the Department for Transport:
To ask His Majesty's Government what assessment they have made of the potential impact upon national security of Chinese-made electric vehicles; and whether they plan to further investigate any risks that may arise.
Answered by Lord Davies of Gower - Parliamentary Under-Secretary (Department for Transport)
DfT co-chairs the UN Economic Commission for Europe (UNECE) group that developed two new international regulations related to connected vehicles – one on cyber security and one on software updates. The cyber security regulation sets out requirements to mitigate potential threats in vehicle construction, to monitor emerging threats and to respond to cyber attacks.
The Government takes national security extremely seriously. The Department for Transport (DfT) works closely with the transport sector and the National Cyber Security Centre (NCSC), and other Government departments, including the Department for Business and Trade (DBT) and Department for Science Innovation and Technology (DSIT), to understand and respond to cyber vulnerabilities associated with all connected vehicles, including electric vehicles.
Asked by: White, Tess (Scottish Conservative and Unionist Party - North East Scotland)
Question
To ask the Scottish Government, in light of the reported cyber attack that took place on NHS Dumfries and Galloway on 15 March 2024, how it is working with (a) all NHS boards, (b) Police Scotland and (c) the National Cyber Security Centre, to ensure that NHS IT systems are not compromised further by similar attacks.
Answered by Gray, Neil - Cabinet Secretary for NHS Recovery, Health and Social Care
The Scottish Government continues to support NHS Dumfries and Galloway respond to the cyber-attack through the provision of the Scottish multi-agency cyber incident support arrangements. These arrangements bring national agencies, including the National Cyber Security Centre, law enforcement (including Police Scotland), NHS Cyber Security Centre of Excellence, NHS Boards and the Scottish Government together to support the response and recovery to the incident.
For further information I refer the member to the answer to question S6T-01869 on 19 March 2024 which is available on the Parliament's website, the search facility for which can be found at https://www.parliament.scot/chamber-and-committees/official-report/search-what-was-said-in-parliament .