The UK government announced today a new strategy that will promote cyber resilience across the health and care sectors by 2030, protecting both services and patients. The strategy will ensure that health and adult social care organisations across England are ready to meet the challenges of the future, including identifying vulnerable areas in the sector, better utilising resources and expertise across the country to prevent cyber attacks.
5 Key Pillars Help Protect the NHS from Cyber Threats
The new strategy outlines 5 key pillars to reduce the risk of cyber attacks and other cyber security issues, and to improve response and recovery following any incidents across health and social care systems. These include:
- Identifying the areas of the sector where disruption would cause the greatest harm to patients, such as through sensitive information being leaked or critical services being unable to function.
- Uniting the sector so it can take advantage of its scale and benefit from national resources and expertise, enabling faster responses and minimising disruption.
- Building on the current culture to ensure leaders are engaged and the cyber workforce is grown and recognised, and relevant cyber basics training is offered to the general workforce
- Embedding security into the framework of emerging technology to better protect it against cyber threat
- Supporting every health and care organisation to minimise the impact and recovery time of a cyber incident
A full implementation plan is due to be released in summer 2023, setting out activities to build and measure resilience over the next two to three years.
Health Minister Lord Markham said: "We’re harnessing the power of technology to deliver better, safer care to people across the country - but at the same time it’s crucial we’re also bolstering the defences of our health and care services." He continues to state how "this new strategy will be instrumental to ensure every organisation in health and adult social care is set up to meet the challenges of the future. This is an important step to ensure we’re building an NHS which is sustainable and fit for the future, with patients at the centre."
With an estimated daily 950,000 general practice appointments, 45,000 major A&E department attendances and 137,000 imaging events recorded a cyber security attack has great potential to impact health services significantly.
NHS Cyber Security Attacks
The NHS has been a target for cyber criminals in the past. On 4 August 2022, the NHS 111 service in the UK was knocked offline. The service provider had suffered a major incident which later was stated to be a ransomware attack. In 2017 the NHS was previously hit by ransomware attack that disrupted hospital and GP appointments.
The government strategy outlines areas it considers to pose challenges to achieving a greater cyber resilience which include supply chain vulnerabilities, a limited cyber workforce, and legacy technology.
You can read the full policy paper online published by the UK Government which outlines the cyber security strategy in detail.
