Government boosts funding for NHS cybersecurity

CREDIT: This story was first seen in On Medica

The government has announced that investment in data and cyber security will be increased to above £50m, and include a new £21m capital fund to ensure the resilience of major trauma centres, On Medica reports.

The £21 million will be shared between hospitals in the NHS’s network of 27 major trauma centres across England, and has been made in response to the WannaCry attack which began on May 12 and disabled computers in organisations across the world, including the NHS.

The attack prevented 48 hospital trusts in England and several GP surgeries in England and Scotland from accessing patient data and led to operations and appointments being cancelled and delayed.

Work is underway in parallel to determine the fastest and most cost-effective way to support the NHS to move from unsupported operating systems, including Windows XP, which are thought to have made the service more vulnerable to attack.

Details of the funding are set out in Your Data: Better Security, Better Choice, Better Care, which is the government’s response to a report into NHS data security published earlier this year by Dame Fiona Caldicott, the national data guardian. The government accepted the report’s recommendations.

As a result, the National Data Guardian’s position will be put on a statutory footing and stronger sanctions will be introduced by May 2018 to protect anonymised data, including severe penalties for negligent or deliberate re-identification of individuals.

The government also announced plans to give patients and the public more access to, and control over, their personal data, build confidence in the importance of secure data to provide better individual care and treatment, and support research and planning across the health system.

Work is underway in parallel to determine the fastest and most cost-effective way to support the NHS to move from unsupported operating systems, including Windows XP.

You might also like...  Health tourism charges come into force in England

The NHS contract has been changed so that NHS organisations are formally required to adopt data security standards as recommended by the independent National Data Guardian for Health and Care, including: security training for staff, annual reviews of processes, and extensive contingency plans to respond to threats to data security.

Health Minister Lord O’Shaughnessy said: “The NHS has a long history of safeguarding confidential data, but with the growing threat of cyber-attacks including the WannaCry ransomware attack in May, this government has acted to protect information across the NHS.

“Only by leading cultural change and backing organisations to drive up security standards across the health and social care system can we build the resilience the NHS needs in the face of a global threat.”

Don’t forget to follow us on Twitter, or connect with us on LinkedIn!