View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
March 22, 2023updated 23 Mar 2023 9:23am

UK government releases ‘urgently needed’ cyber resilience strategy for the NHS

The strategy details what needs to be updated and how, ensuring the NHS will be resilient against cyberattacks by 2030.

By Claudia Glover

The UK government has released a new strategy today in a bid to boost NHS cyber resilience. At least £15m will be devoted to cyber defences within adult social care, the role of NHS England’s cybersecurity operations centre will be enhanced and national training and support will be provided by 2025.

NHS strategy released today details plans for shoring up cyber resilience for the health body by 2030. (Photo by Marbury/Shutterstock)

The NHS cyber strategy aims to shore up the resilience of the NHS in its entirety by 2030.

Health services around the world have become common targets for cybercriminals. The NHS was hit last summer when the 111 non-emergency phone line was crippled when one of its suppliers, Advanced, suffered a ransomware attack by the LockBit gang.

UK government releases cyber resilience strategy for the NHS

The strategy comprises five pillars that show where the focus will lie. It is expected to enhance the healthcare sector’s protection against cybercrime, paying particular attention to protecting the NHS against ransomware

A detailed implementation plan will be released in the summer of 2023 in order to document the strategy’s progress, particularly for the next two to three years.

The risks that the NHS is currently facing are encompassed in the strategy, outlined as phishing, automated scanning for common software vulnerabilities and attempted fraud. 

To protect against these risks in the short term, the DHSC has pledged at least £15m to improve the cybersecurity of adult social care. Measures to implement this will be defined in a future “comprehensive and data-led landscape review on the status of cybersecurity in adult social care, spending at least $15m over the next two years in response to that review,” the Department for Health and Social Care (DHSC) explains.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

Funding will also be provided for “local cyber resilience with local training and support by 2025,” the report continues, as well as developing a framework to enhance and develop the NHS cybersecurity operations centre. 

NHS cybersecurity strategy has five pillars

Long-term goals include making patients and service users safer with a heightened focus on five “pillars,” which will provide structure to the enhancement of the NHS’s cyber resilience. 

The five pillars – focus on the greatest risks and harms, defend as one, people and culture, build secure for the future exemplary response and recovery – have detailed goals for 2030.

The five pillars will be supported by a national implementation plan which will “detail activities and define metrics to build and measure resilience over the next two to three years”. It will be released in the coming months.

Lord Nick Markham CBE, the parliamentary under-secretary of state in the DHSC, explained that the new strategy is crucial to ensuring the safety of patients in the NHS.

“We’re harnessing the power of technology to deliver better, safer care to people across the country – but at the same time it’s crucial we’re also bolstering the defences of our health and care services,” he said.

“This new strategy will be instrumental to ensure every organisation in health and adult social care is set up to meet the challenges of the future. This is an important step to ensure we’re building an NHS which is sustainable and fit for the future, with patients at the centre,” the minister concluded.

Strategy ‘urgently needed’ as budgets are cut

At a time when NHS budgets are stretched like never before, the strategy was urgently needed, says Jonathan Bridges, chief innovation officer at cybersecurity vendor Exponential-e.

“It’s very difficult for the NHS to prioritise spend on new technology. That’s why its systems have become outdated and vulnerable in many cases, and the government’s new strategy to protect the NHS from attack is so urgently needed,” Bridges said.

“Budget is a big reason why current approaches are failing. Often it’s capital-based, and the public sector’s ability to increase operational budgets is challenging, but modern-day security services are considered operational. So given the cost of the average cyber specialist is increasing, and resources are in much shorter supply, it’s often very difficult for the NHS to fund the cyber protection it needs.”

Read more: SpaceX contractor hit by ransomware attack

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU