NHS Digital should appoint a national Chief Information and Security Officer, review finds
[London, UK] NHS Digital should appoint a national Chief Information and Security Officer (CISO) to lead the cybersecurity agenda across health and care in England, a new report looking into the WannaCry cyber-attack has found.
The review by the Chief Information Officer for Health and Care in England, Will Smart, released ahead of NHS England’s February board meeting, sets out a variety of recommendations to strengthen cyber resilience across the service.
“As other industries have learned, no organisation can be completely immune from a cyber-attack and there is no room for complacency. The occurrence of cyber-attacks across the UK economy is increasing so, in the judgement of most industry experts, it is not a question of ‘if’, but ‘when’ the next cyber-attack strikes the health and social care system,” the CIO said.
The review asks all NHS organisations to develop local plans that would ensure they comply with the Cyber Essentials Plus standard by the summer of 2021. These plans are to be sent to NHS Digital before 30 June this year. NHS Digital has been tasked with putting together a framework to help organisations based on assessments already made.
It advises NHS Digital to appoint a dedicated cybersecurity lead to work with the national CISO, NHS England and NHS Improvement, among other partners, to drive improvements and standardisation.
An expert panel including CIOs, CCIOs and NHS Digital representatives will be formed to ‘define and consult on a set of IT infrastructure, application and service management guidelines’ for all health and care organisations hosting clinical data.
Last week, the Department of Health and Social Care published an update on the work carried out to ensure the service is ‘as prepared as possible for future cyber-attacks’.