The Government is pledging an extra £21 million for cyber security across the NHS in the wake of the WannaCry ransomware attack.
Ministers have said NHS Digital will broadcast alerts about cyber threats to hospitals, provide a hotline for dealing with incidents and also carry out on-site assessments to check security.
Work is also under way to establish a fast and cost-effective way for the NHS to completely move away from unsupported operating systems, including Windows XP, which was the focus of much criticism following the attack in May.
#CyberSecurity: read @DHgovuk response to @NDGoffice and @CareQualityComm reviews on data https://t.co/qxquUvP33d #DataSavesLives
— Department of Health (@DHgovuk) July 12, 2017
The Department of Health said use of Windows XP has fallen in the past 18 months from 18% to 4.7%.
The £21 million will help boost security at major trauma sites, of which there are 27 across England.
The pledges form the Government’s response to a report last July from the Care Quality Commission (CQC) and National Data Guardian, Dame Fiona Caldicott.
The CQC and Dame Fiona wrote to Health Secretary Jeremy Hunt several months before WannaCry happened, warning that an “external cyber threat is becoming a bigger consideration” within the NHS.
Health Secretary Jeremy Hunt was warned about the threat (Neil Hall/PA)
Their data security review of 60 hospitals, GP surgeries and dental practices found there was a “lack of understanding of security issues”.
It warned that patient data breaches were often caused by hurried staff working “with ineffective processes and technology”.
The attack in May was a global attack, affecting thousands of computers in around 150 countries.
In England, 47 NHS trusts reported problems and 13 NHS organisations in Scotland were affected.
(Dominic Lipinski/PA)
In the new report, ministers have pledged that by December 2018, people will be able to access a digital service to help them understand who has accessed their summary care record.
This is a brief description of existing health needs and care that is available online to a treating clinician via a protected site.
By March 2020, people will also be able to use online services to see how their personal confidential data collected by NHS Digital has been used for purposes other than for their direct care.
People will also be given the choice to opt out of sharing their data beyond their direct care, which will be applied across the health and social care system.
On Govt response to NDG we'll build trust/understanding of data sharing working w/ patients/partners https://t.co/PzXzCiM8OY #DataSavesLives
— NHS Digital (@NHSDigital) July 12, 2017
There will also be “meaningful sanctions against criminal and reckless behaviour” if it leads to personal data being exposed or the deliberate re-identification of individuals.
The National Data Guardian’s position will be put on a statutory footing, the Department of Health said.
Furthermore, the Government has changed the NHS contract so that NHS organisations are now formally required to adopt data security standards set down by the CQC and Dame Fiona.
This will include security training for staff and extensive contingency plans to respond to threats to data security.
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules here