| answer text |
<p>The information requested on cyber spending covers sensitive detail about cyber
security investment for the National Health Service. In this instance, releasing this
information at the level of any annual breakdown may assist in determining the effectiveness
of detecting cyber-attacks on the NHS, and could compromise measures to protect NHS
IT systems, leaving them vulnerable to future cyber-attacks.</p><p>However, in total,
over £250 million will have been invested nationally to improve the cyber security
of the health and care system between 2016 and 2021. This excludes both investment
by local organisations, and wider national IT investment which supports better security
such as Microsoft licensing for NHS organisations.</p><p>Regarding the steps taken
to defend against cyber attacks on the NHS, the active cyber defence of NHS organisations
is a local responsibility for each organisation to carry out. However, there is national
support and practical guidance available to NHS organisations which is primarily delivered
by NHS Digital but supported and prioritised for the highest risk organisations by
NHS England and the Department. In the event of national-scale incidents that affect
many health and care organisations, NHS Digital plays a vital role in coordinating
and ensuring appropriate technical remediation, as part of the wider cross-system
cyber security response led by the Department.</p>
|
|
