The UK government has unveiled a new cybersecurity strategy for England.
The cybersecurity strategy for health and adult social care sets out a plan to promote cyber resilience across the sector by 2030.

More than 40 million people now have an NHS login, helping them book appointments, track referrals and order medications online. More than 50 percent of social care providers now use a digital social care record, helping staff share information about the people they care for. As digital systems are adopted to improve health and care services for people across the country, it is vital the health and care sector has the tools it needs to better protect patients’ information, says the government.
The new strategy will ensure health and adult social care organisations across England can identify areas in the sector which are most vulnerable, and better utilise resources and expertise across the country to defend against cyberattacks.
“We’re harnessing the power of technology to deliver better, safer care to people across the country – but at the same time it’s crucial we’re also bolstering the defences of our health and care services,” said Health Minister Lord Markham.
“This new strategy will be instrumental to ensure every organisation in health and adult social care is set up to meet the challenges of the future. This is an important step to ensure we’re building an NHS which is sustainable and fit for the future, with patients at the centre.”
Five-point plan
The plan includes five pillars to minimise the risk of cyberattacks and other cybersecurity issues, and to improve response and recovery following any incidents across health and social care systems, including adult social care and primary and secondary care. The pillars are:
- Identifying the areas of the sector where disruption would cause the greatest harm to patients, such as through sensitive information being leaked or critical services being unable to function
- Uniting the sector so it can take advantage of its scale and benefit from national resources and expertise, enabling faster responses and minimising disruption
- Building on the current culture to ensure leaders are engaged and the cyber workforce is grown and recognised, and relevant cyber basics training is offered to the general workforce
- Embedding security into the framework of emerging technology to better protect it against cyber threat
- Supporting every health and care organisation to minimise the impact and recovery time of a cyber incident
A full implementation plan will be published in summer 2023 setting out detailed activities and defining metrics to build and measure resilience over the next two to three years.
National cybersecurity teams will also work with local and regional health and care organisations to achieve the visions and aims of the strategy. This will include enhancing the NHS England CSOC, publishing a comprehensive and data-led landscape review of cybersecurity in adult social care, and updating the Data Security and Protection Toolkit (DSPT) to empower organisations to own their cyber risk.
New strategy “urgently needed”
“It’s very difficult for the NHS to prioritise spend on new technology. That’s why its systems have become outdated and vulnerable in many cases, and the government’s new strategy to protect the NHS from attack is so urgently needed,” notes Jonathan Bridges, chief innovation officer at technology provider Exponential-e.
“Budget is a big reason why current approaches are failing. Often it’s capital-based, and the public sector’s ability to increase operational budgets is challenging, but modern day security services are considered operational. So given the cost of the average cyber specialist is increasing, and resources are in much shorter supply, it’s often very difficult for the NHS to fund the cyber protection it needs.
“Investment in cyber education is equally important, to raise awareness of its crucial role in front-line services. Advising operations leads to identify where their critical data is stored, where their vulnerabilities lie, and what tactical and strategic protection is needed to fix those vulnerabilities and stifle attacks, is a must. That informed knowledge of cyber risk at an operational level, and how that risk could impact the quality of treatment, is fundamental to making sure patient care is never compromised in the event of attacks.”