A Covid-19 Cyber Action Plan has been developed for the NHS in response to growing fears of cyber attacks during the pandemic.
John Noble (pictured), non-executive director and lead on information and cyber security for the board of NHS Digital, said the organisation has been working with NHSX, the National Cyber Security Centre and commercial partners on the plan.
It is aimed at providing a range of targeted services, building on existing support, to reduce the risks from cyber attacks on local NHS organisations.
Elements include technical remediation, which involves suppliers providing NHS bodies with cyber security assessments and direct support to remediate any vulnerabilities. NHS Digital is managing a contractual framework for dealing with the approved suppliers, aimed at ensuring they can provide the relevant support quickly.
It has also accelerated the onboarding to its NHS Secure Boundary solution – a next generation firewall and web application firewall – and increased its incident response capacity.
This comes after a marked increase in the take-up of its existing services since the pandemic began.
Noble said the increase in remote working has made NHS bodies and staff, and companies in the supply chain, targets for attacks and email fraud. He emphasised the dangers of a significant ransomware attack and said the NHS should be prepared for hostile actors.
“It is critical that during the ever-increasing digitalisation of the health and care system, we always remain alert to the heightened risks of cyber attacks,” he said.
“The NCSC is working very closely with NHS Digital whilst continuing to adhere to all its usual information governance and security safeguards. Sensitive data about patients must only be shared with those who have a real need to see it.”
Image from NHS Digital