Extra £21m pledged to boost cyber security across NHS
Ministers have said NHS Digital will broadcast alerts about cyber threats to hospitals.
The Government is pledging an extra £21 million for cyber security across the NHS in the wake of the WannaCry ransomware attack.
Ministers have said NHS Digital will broadcast alerts about cyber threats to hospitals, provide a hotline for dealing with incidents and also carry out on-site assessments to check security.
Work is also under way to establish a fast and cost-effective way for the NHS to completely move away from unsupported operating systems, including Windows XP, which was the focus of much criticism following the attack in May.
The Department of Health said use of Windows XP has fallen in the past 18 months from 18% to 4.7%.
The £21 million will help boost security at major trauma sites, of which there are 27 across England.
The pledges form the Government’s response to a report last July from the Care Quality Commission (CQC) and National Data Guardian, Dame Fiona Caldicott.
The CQC and Dame Fiona wrote to Health Secretary Jeremy Hunt several months before WannaCry happened, warning that an “external cyber threat is becoming a bigger consideration” within the NHS.
Their data security review of 60 hospitals, GP surgeries and dental practices found there was a “lack of understanding of security issues”.
It warned that patient data breaches were often caused by hurried staff working “with ineffective processes and technology”.
The attack in May was global, affecting thousands of computers in around 150 countries.
In England, 47 NHS trusts reported problems and 13 NHS organisations in Scotland were affected.
In the new report, ministers have pledged that by December 2018, people will be able to access a digital service to help them understand who has accessed their summary care record.
The summary care record is a brief description of existing health needs and care that is available online to a treating clinician via a protected site.
By March 2020, people will also be able to use online services to see how their personal confidential data collected by NHS Digital has been used for purposes other than for their direct care.
People will also be given the choice to opt out of sharing their data beyond their direct care, which will be applied across the health and social care system.
There will also be “meaningful sanctions against criminal and reckless behaviour” if it leads to personal data being exposed or the deliberate re-identification of individuals.
The National Data Guardian’s position will be put on a statutory footing, the Department of Health said.
Furthermore, the Government has changed the NHS contract so that NHS organisations are now formally required to adopt data security standards set down by the CQC and Dame Fiona.
This will include security training for staff and extensive contingency plans to respond to threats to data security.