NHS Digital should appoint a national Chief Information and Security Officer, review finds

The newly-released ‘lessons learned’ review of the WannaCry incident sets out a series of recommendations to strengthen cyber resilience across the service in England.

[London, UK] NHS Digital should appoint a national Chief Information and Security Officer (CISO) to lead the cybersecurity agenda across health and care in England, a new report looking into the WannaCry cyber-attack has found.

The review of the Chief Information Officer for Health and Care in England, Will Smart, released ahead of NHS England’s February board meeting, sets out a variety of recommendations to strengthen cyber resilience across the service.

“As other industries have learned, no organisation can be completely immune from a cyber-attack and there is no room for complacency. The occurrence of cyber-attacks across the UK economy is increasing so, in the judgement of most industry experts, it is not a question of ‘if’, but ‘when’ the next cyber-attack strikes the health and social care system,” the CIO said.

The review asks all NHS organisations to develop local plans that would ensure they comply with the Cyber Essentials Plus standard by the summer of 2021, to be sent to NHS Digital before 30 June this year. NHS Digital has been tasked with putting together a framework to help organisations based on assessments already made.

It advises NHS Digital to appoint a dedicated cybersecurity lead to work with the national CISO, NHS England and NHS Improvement, among other partners, to drive improvements and standardisation.

An expert panel including CIOs, CCIOs and NHS Digital representatives will be formed to ‘define and consult on a set of IT infrastructure, application and service management guidelines’ for all health and care organisations hosting clinical data.

Last week, the Department of Health and Social Care published an update on the work carried out to ensure the service is 'as prepared as possible for future cyber-attacks'. 

Related content:

A look at cybersecurity across the NHS after the WannaCry cyber-attack 

Related News

Three regions selected as Local Health and Care Record Exemplars

Greater Manchester, Wessex and One London will receive up to £7.5m during the next two years to build on existing local shared record initiatives

Former Skyscanner CTO joins NHS Scotland to build national digital platform in ‘world first’ initiative

Dr Alistair Hann joins the NHS as CTO of the new Digital Service based within NHS Education for Scotland

Researchers set out roadmap to restore trust in big data for health science

In the wake of the Cambridge Analytica - Facebook data scandal, researchers warn the health and science community needs to restore public trust