The government has pledged £21m to strengthen cyber security across NHS sites, following major recent “WannaCry” ransomware attacks on health service systems.
The extra funding will be used in 27 major trauma hospitals to modernise IT systems, train staff and protect against further cyber attacks. The move is part of the government’s response to 2016’s Caldicott report, published this week, which looked at all aspects of data security in the NHS.
The report sets out 10 recommendations on data security, all of which have been accepted by the government. The decision to allocate an extra £21m into cyber security follows the May 2017 ransomware outbreak which exploited the outdated and unsupported Windows XP operating system used in many NHS trusts.
The Department of Health revealed that Windows XP operating systems were being phased out across the health service, with use falling 13.3 percent over the past 18 months. They plan for all local organisations to move away from the unsupported system by April 2018.
Other measures outlined in the Caldicott report include protecting systems against data breaches, putting the responsibility for data security in the hands of NHS bosses, and the introduction of a simpler “opt-out” model for patient data.
From May 2018 the Care Quality Commission will include cyber security inspections into their standard inspection procedures, says the report.
Responding to the government’s announcement, Professor Helen Stokes-Lampard, Chair of the Royal College of GPs, said: “Robust cyber security and effective, safe data sharing between healthcare professionals are both imperative to ensure our patients receive the best possible care right across the NHS.
““The cyber-attack in April was a wake-up call to many of us working in the health service about the fragility of the IT systems we are using, not just to keep our patients’ data safe, but to keep our surgeries functioning. Dame Fiona Caldicott put forward some excellent recommendations, including more investment and the need for suitable alert systems, in her report earlier this year, and we are encouraged that the Department of Health plans to adopt these standards in full – and has already done so in some cases.”
Under Secretary of State for Health, Lord O’Shaughnessy, said: “The NHS has a long history of safeguarding confidential data, but with the growing threat of cyber-attacks including the WannaCry ransomware attack in May, this government has acted to protect information across the NHS.”