Government sets strategy to bolster NHS and social care’s cyber defence

The new strategy sets out five key ways to build cyber resilience in health and care by 2030 and is part of the government’s commitment to build a stronger, more sustainable NHS for the future. 

The Department of Health and Social Care (DHSC) has published a new cyber security strategy for England with the goal of bolstering protection of the nation’s health and adult social care services. 

The Cyber Security Strategy for Health and Adult Social Care aims to promote cyber resilience across the sector by 2030, protecting services and the patients they support.

The strategy will ensure services are better protected from cyber threats, further securing sensitive information and ensuring patients can continue accessing care safely as the NHS continues to cut waiting lists. 

The launch of the strategy comes just three weeks after the Health Service Journal reported that the government failed to meet its own deadline of December 2022 for introducing a cyber security strategy for the health service.

This new strategy is designed to help health and adult social care organisations across England  meet the challenges of the future – from identifying areas in the sector that are most vulnerable, to better utilising resources and expertise across the country to defend against cyber attacks. 

The vision includes five key pillars to minimise the risk of attacks and other cyber security issues, and to improve response and recovery following any incidents across health and social care systems. These include: 

• Identifying the areas of the sector where disruption would cause the greatest harm to patients, such as through sensitive information being leaked or critical services being unable to function. 
• Uniting the sector so it can take advantage of its scale and benefit from national resources and expertise, enabling faster responses and minimising disruption. 
• Building on the current culture to ensure leaders are engaged, the cyber workforce is grown and recognised, and relevant cyber basics training is offered to the general workforce. 
• Embedding security into the framework of emerging technology to better protect it against cyber threat. 
• Supporting every health and care organisation to minimise the impact and recovery time of a cyber incident.  

Health Minister Lord Markham said: “We’re harnessing the power of technology to deliver better, safer care to people across the country – but at the same time it’s crucial we’re also bolstering the defences of our health and care services. 

Meeting future challenges

“This new strategy will be instrumental to ensure every organisation in health and adult social care is set up to meet the challenges of the future. This is an important step to ensure we’re building an NHS which is sustainable and fit for the future, with patients at the centre.” 

NHS Trusts now have a direct link to NHS England’s Cyber Security Operations Centre (CSOC), providing real time protection of any suspicious activity to approximately 1.7 million devices across the NHS network. Around 21 million malicious emails are also blocked every month.  

A full implementation plan will be published in Summer 2023 setting out detailed activities and defining metrics to build and measure resilience over the next two to three years.  

National cyber security teams will also work closely with local and regional health and care organisations to achieve the visions and aims of the strategy.

This work will include enhancing the CSOC, publishing a comprehensive and data-led landscape review of cyber security in adult social care, and updating the Data Security and Protection Toolkit (DSPT) to empower organisations to own their cyber risk.