|
answer text |
<p>Cyber resilience in the health and care system is an issue that the Government
takes very seriously.</p><p> </p><p>We have changed the National Health Service standard
contract to include, from April 2017, cyber security requirements.</p><p> </p><p>Evidence
shows that the use of unsupported systems is continuing to reduce in health and care,
as organisations replace older hardware. Latest estimates suggest the usage of Windows
XP in the NHS has reduced from 15-18% at December 2015, to 4.7% of systems currently.</p><p>
</p><p>The 12 May 2017 ransomware incident affected the NHS in the United Kingdom.
It is standard practice to review any major incident in the NHS. Further, the Chief
Information Officer for health and care is undertaking a review into the May 2017
cyber-attack which is expected to conclude in the autumn.</p><p> </p><p>The identifiable
cost of emergency measures put in place to specifically address the NHS ransomware
attack on 12 May 2017 was approximately £180,000. These costs were borne by NHS Digital
and NHS England from internal budgets. Information relating to any expenditure incurred
by individual local NHS trusts or other NHS organisations is not collected centrally.</p><p>
</p><p>We do not comment more widely on matters of security.</p>
|
|