Show Search Form

Search Results

registered interest	true false
date	exactly: or between: and
answering body
answering dept id
answering dept short name
answering dept sort name
hansard heading
house id
legislature	pref label
question text
tabling member constituency
tabling member printed
uin
answer	is ministerial correction true false date of answer exactly: or between: and answer text answering member constituency answering member printed attachment file name title grouped question UIN question first answered answering member label
tabling member	label

Search

1126877

registered interest
date	15/05/2019
answering body	Department of Health and Social Care
answering dept id	17
answering dept short name	Health and Social Care
answering dept sort name	Health and Social Care
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health and Social Care, how much the National Health Service spent on cyber security in each of the last five years.
tabling member constituency	Windsor
tabling member printed	Adam Afriyie
uin	254785
answer	answer is ministerial correction date of answer 24/05/2019 answer text <p>The information requested on cyber spending covers sensitive detail about cyber security investment for the National Health Service. In this instance, releasing this information at the level of any annual breakdown may assist in determining the effectiveness of detecting cyber-attacks on the NHS, and could compromise measures to protect NHS IT systems, leaving them vulnerable to future cyber-attacks.</p><p>However, in total, over £250 million will have been invested nationally to improve the cyber security of the health and care system between 2016 and 2021. This excludes both investment by local organisations, and wider national IT investment which supports better security such as Microsoft licensing for NHS organisations.</p><p>Regarding the steps taken to defend against cyber attacks on the NHS, the active cyber defence of NHS organisations is a local responsibility for each organisation to carry out. However, there is national support and practical guidance available to NHS organisations which is primarily delivered by NHS Digital but supported and prioritised for the highest risk organisations by NHS England and the Department. In the event of national-scale incidents that affect many health and care organisations, NHS Digital plays a vital role in coordinating and ensuring appropriate technical remediation, as part of the wider cross-system cyber security response led by the Department.</p> answering member constituency Thurrock answering member printed Jackie Doyle-Price grouped question UIN 254786 question first answered 24/05/2019 12:33:05 answering member 4065 label Biography information for Dame Jackie Doyle-Price
tabling member	1586 label Biography information for Adam Afriyie

964572

registered interest
date	03/09/2018
answering body	Department of Health and Social Care
answering dept id	17
answering dept short name	Health and Social Care
answering dept sort name	Health and Social Care
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health, what changes have been made to NHS (a) IT systems and (b) cyber security since the cyber attack in May 2017.
tabling member constituency	Bolton North East
tabling member printed	Sir David Crausby
uin	169018
answer	answer is ministerial correction date of answer 11/09/2018 answer text <p>The National Health Service is putting in place robust measures to protect IT systems against cyber-attacks. Since May 2017 the Government has invested £60 million to support NHS providers to improve their security position, with a further £150 million pledged up until 2021 to improve the NHS’s resilience against attacks.</p><p><br> The Department published its progress report in February 2018 entitled ‘Securing cyber resilience in health and care: progress update’. The report is available at the following link:</p><p> </p><p><a href="https://www.gov.uk/government/publications/securing-cyber-resilience-in-health-and-care-progress-update" target="_blank">https://www.gov.uk/government/publications/securing-cyber-resilience-in-health-and-care-progress-update</a></p><p> </p><p>Key actions taken since February 2018 include:</p><p>- signing a Windows 10 licensing agreement with Microsoft which will allow local NHS organisations to save money, reduce potential vulnerabilities and help increase cyber resilience;</p><p>- enhancing the capability of the Cyber Security Operations Centre boosting the national capability to prevent, detect and respond to cyber-attacks through the procurement of IBM as a specialist partner;</p><p>- launching the Data Security and Protection Toolkit which provides an accessible dashboard enabling trusts to track their progress in meeting the 10 Data Security Standards;</p><p>- agreeing plans to implement the recommendations of the Chief Information Officer for Health and Care’s review of the May 2017 WannaCry attack;</p><p>- provided specialist face to face security training (System Security Certified Practitioner - SSCP) for over 100 staff; and</p><p>- in May 2018 the Network and Information Security Regulations came into force which requires operators of essential services (including some NHS healthcare providers) to put appropriate security measures in place and to report significant incidents that occur.</p> answering member constituency Thurrock answering member printed Jackie Doyle-Price question first answered 11/09/2018 10:56:06 answering member 4065 label Biography information for Dame Jackie Doyle-Price
tabling member	437 label Biography information for Sir David Crausby

864429

registered interest
date	15/03/2018
answering body	Department of Health and Social Care
answering dept id	17
answering dept short name	Health and Social Care
answering dept sort name	Health and Social Care
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health and Social Care, what steps his Department has taken to improve the security of the IT systems in the NHS since the cyber attack of May 2017.
tabling member constituency	Leicester East
tabling member printed	Keith Vaz
uin	132912
answer	answer is ministerial correction date of answer 22/03/2018 answer text <p>Since the WannaCry cyber attack, the Department has taken a number of further actions, building on a programme of work led by the Department working with its arm’s-length bodies since 2010. These actions are described below:</p><p> </p><p>- The Department’s Data Security Incident Response Plan reviewed. System-wide Data and Cyber Security Operations Playbook developed - June 2017;</p><p>- Customer Support Agreement with Microsoft - June 2017;</p><p>- The Department’s response to National Data Guardian Review was published including cyber security plans - July 2017;</p><p>- NHS Digital published unsupported systems guidance - July 2017;</p><p>- E-learning package launched for National Health Service staff - July 2017;</p><p>- Data security now part of the Care Quality Commission’s (CQC’s) assessments of well led NHS trusts. General practitioners and adult social care providers followed in November - September 2017;</p><p>- 2017/18 Data Security and Protection Requirements published - October 2017;</p><p>- Text messaging relay service launched - November 2017;</p><p>- First health cyber-attack simulated table top exercise - December 2017;</p><p>- 34 of our major trauma centres and ambulance trusts completed on-site assessments - December 2017;</p><p>- 190 organisations completed on-site assessments - January 2018;</p><p>- Additional £25 million funding secured to support major trauma centres and ambulance trusts with their critical infrastructure - January 2018;</p><p>- Initial £150 million identified via reprioritisation across NHS IT portfolio to continue investment in local infrastructure and national systems and services to improve monitoring, resilience and response - January 2018;</p><p>- 100% of NHS trusts and Commissioning Support Units signed up to CareCERT Collect - January 2018;</p><p>- New Cloud guidance published - January 2018;</p><p>- New CQC unannounced cyber security inspections pilot started - February 2018; and</p><p>- All major trauma centres and ambulance trusts completed on-site assessments - February 2018.</p><p> </p><p>These actions are further described in ‘Securing cyber resilience in health and care: A progress update’ published by the Department on 1 February 2018 which can be accessed at the link below:</p><p> </p><p><a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/678484/Securing_cyber_resillience_in_health_and_care.pdf" target="_blank">https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/678484/Securing_cyber_resillience_in_health_and_care.pdf</a></p> answering member constituency Thurrock answering member printed Jackie Doyle-Price question first answered 22/03/2018 16:07:21 answering member 4065 label Biography information for Dame Jackie Doyle-Price
tabling member	338 label Biography information for Keith Vaz

794235

registered interest
date	23/11/2017
answering body	Department of Health
answering dept id	17
answering dept short name	Health
answering dept sort name	Health
hansard heading	NHS: Cybersecurity
house id	2
legislature	25277 pref label House of Lords
question text	To ask Her Majesty's Government what advice, if any, they have provided to NHS Trusts regarding the need to upgrade software and improve cyber-security.
tabling member printed	Baroness Redfern
uin	HL3553
answer	answer is ministerial correction date of answer 01/12/2017 answer text <p>The Department published <em>Your Data: Better Security, Better Choice, Better Care </em>in July 2017 in which the Government accepted the 10 Data Security Standards recommended by the National Data Guardian, Dame Fiona Caldicott. The document sets out the steps National Health Service trusts are expected to take to improve their cyber security resilience. Data Security Standard 8 specifically states that no unsupported operating systems, software or internet browsers are used within the IT estate.</p><p> </p><p>NHS Digital published in May 2017 <em>Unsupported Platforms – Good Practice Guide </em>giving trusts technical guidance on how to upgrade software and improve cyber security.</p><p> </p><p>In October 2017, the Department followed up by publishing the <em>2017/18 Data Security and Protection Requirements</em>. This document sets out the steps all health and care organisations will be expected to take in 2017/18 to demonstrate that they are implementing the 10 Data Security Standards, prior to a new assurance framework coming into place from April 2018.</p><p> </p><p>In 2015, NHS Digital established CareCERT to provide national cyber support to health and care organisations. This support includes cyber alerts with advice on software updates, direct support when cyber incidents occur, and also on-site support to assess local vulnerabilities to improve local resilience and mitigate the impact of future cyber incidents.</p><p> </p><p>The above mentioned reports are attached.</p> answering member printed Lord O'Shaughnessy attachment 1 file name Managing_the_Risk_of_Unsupported_Platforms_-_Good_Practice_Guide_230517.pdf title Managing the Risk of Unsupported Platforms 2 file name 2017-18 Data Security and Protection Requirements.pdf title 2017-18 Data Security and Protection Requirements 3 file name Your Data Better Security Better Choice Better Care Government Response.pdf title Your Data Better Security Better Choice question first answered 01/12/2017 11:45:38 answering member 4545 label Biography information for Lord O'Shaughnessy
tabling member	4551 label Biography information for Baroness Redfern

786948

registered interest
date	10/11/2017
answering body	Department of Health
answering dept id	17
answering dept short name	Health
answering dept sort name	Health
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health, what changes have been made to NHS IT systems and cyber security since the cyber attack in May 2017.
tabling member constituency	Bolton North East
tabling member printed	Sir David Crausby
uin	112274
answer	answer is ministerial correction date of answer 15/11/2017 answer text <p>The National Health Service has robust measures in place to protect against cyberattacks, and since May we have taken further action to strengthen resilience and guard against future attack, including new, unannounced cyber security inspections by the Care Quality Commission, £21 million in funding to improve resilience in trauma centres, and enhanced guidance for trusts.</p><p> </p><p>Work is underway to determine the fastest and most cost effective way to move the NHS off unsupported operating systems, and we are working with the NHS to ensure unsupported systems are urgently upgraded, removed or isolated. The Department has also signed a Customer Support Agreement with Microsoft that will issue regular patches and updates for all existing Windows devices operating with Windows XP, Windows Server 2003, and SQL 2005.</p> answering member constituency Thurrock answering member printed Jackie Doyle-Price grouped question UIN 112222 question first answered 15/11/2017 17:42:12 answering member 4065 label Biography information for Dame Jackie Doyle-Price
tabling member	437 label Biography information for Sir David Crausby

787009

registered interest
date	10/11/2017
answering body	Department of Health
answering dept id	17
answering dept short name	Health
answering dept sort name	Health
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health, what steps have been taken (a) since the WannaCry cyberattack in May 2017 to improve IT security in NHS organisations and (b) to ensure that NHS organisations update their IT systems.
tabling member constituency	Houghton and Sunderland South
tabling member printed	Bridget Phillipson
uin	112222
answer	answer is ministerial correction date of answer 15/11/2017 answer text <p>The National Health Service has robust measures in place to protect against cyberattacks, and since May we have taken further action to strengthen resilience and guard against future attack, including new, unannounced cyber security inspections by the Care Quality Commission, £21 million in funding to improve resilience in trauma centres, and enhanced guidance for trusts.</p><p> </p><p>Work is underway to determine the fastest and most cost effective way to move the NHS off unsupported operating systems, and we are working with the NHS to ensure unsupported systems are urgently upgraded, removed or isolated. The Department has also signed a Customer Support Agreement with Microsoft that will issue regular patches and updates for all existing Windows devices operating with Windows XP, Windows Server 2003, and SQL 2005.</p> answering member constituency Thurrock answering member printed Jackie Doyle-Price grouped question UIN 112274 question first answered 15/11/2017 17:42:12 answering member 4065 label Biography information for Dame Jackie Doyle-Price
tabling member	4046 label Biography information for Bridget Phillipson

787010

registered interest
date	10/11/2017
answering body	Department of Health
answering dept id	17
answering dept short name	Health
answering dept sort name	Health
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health, what steps have been taken to educate NHS staff on how to minimise vulnerability to cyberattacks.
tabling member constituency	Houghton and Sunderland South
tabling member printed	Bridget Phillipson
uin	112223
answer	answer is ministerial correction date of answer 15/11/2017 answer text <p>A new e-learning package has been produced for staff in the health and care system, with sections covering risks and responsibilities with regards to cyber security.</p><p> </p><p>The Department is working with the National Cyber Security Centre, NHS England, NHS Digital and NHS Improvement to prepare and rehearse incident response plans and take action to strengthen communications when core computer systems are affected by cyber security incidents.</p> answering member constituency Thurrock answering member printed Jackie Doyle-Price question first answered 15/11/2017 17:40:47 answering member 4065 label Biography information for Dame Jackie Doyle-Price
tabling member	4046 label Biography information for Bridget Phillipson

758222

registered interest
date	06/09/2017
answering body	Department of Health
answering dept id	17
answering dept short name	Health
answering dept sort name	Health
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health, what steps his Department has taken to improve the security of NHS passwords since the WannaCry cyber attack in May 2017.
tabling member constituency	Leicester South
tabling member printed	Jonathan Ashworth
uin	9272
answer	answer is ministerial correction date of answer 11/09/2017 answer text <p>The global WannaCry cyber attack in May 2017 has reaffirmed the potential for cyber incidents to impact directly on patient care and the need for our health and care system to act decisively to minimise the impact on essential front-line services. Weak passwords were not a vulnerability exploited in the WannaCry attack.</p><p> </p><p>Passwords are one element of ensuring the cyber security of National Health Service organisations, and improving them is part of a wider set of standards as introduced in the Government’s response Your Data: Better Security, Better Choice, Better Care published on 12 July 2017. The Government’s response accepts the 10 Data Security Standards recommended by the National Data Guardian. A copy of the response is available at the following link:</p><p><a href="https://www.gov.uk/government/news/government-responds-on-cyber-security-and-data" target="_blank">https://www.gov.uk/government/news/government-responds-on-cyber-security-and-data</a></p><p> </p><p>The NHS contract has been changed so that NHS organisations are formally required to adopt data security standards including security training for staff and annual reviews of processes.</p><p>NHS Digital is supporting local organisations to strengthen cyber security by sharing best practice across the health and care system and carrying out on-site assessments.</p> answering member constituency Thurrock answering member printed Jackie Doyle-Price question first answered 11/09/2017 14:37:53 answering member 4065 label Biography information for Dame Jackie Doyle-Price
tabling member	4244 label Biography information for Jonathan Ashworth

755816

registered interest
date	04/09/2017
answering body	Department of Health
answering dept id	17
answering dept short name	Health
answering dept sort name	Health
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health, what changes have been made to the NHS' cyber security following the cyber attack in May 2017.
tabling member constituency	Hemsworth
tabling member printed	Jon Trickett
uin	7028
answer	answer is ministerial correction date of answer 12/09/2017 answer text <p>The Department developed an immediate response plan, working with the National Cyber Security Centre, NHS Digital, NHS England, NHS Improvement, and the Care Quality Commission.</p><p> </p><p>Your Data: Better Security, Better Choice, Better Care is the Government’s Response to data security and was published in July 2017. This document accepts the 10 Data Security Standards proposed by Dame Fiona Caldicott, the National Data Guardian, and sets out the timescales for how the Government plans to deliver key actions on cyber security and data sharing in a high level implementation plan.</p><p> </p><p>The immediate response plan and the high level implementation plan is being taken forward as part of the formal Data and Cyber Security Programme which includes a range of measures to build resilience and responsiveness to the health and care sector against a cyber attack.</p> answering member constituency Thurrock answering member printed Jackie Doyle-Price question first answered 12/09/2017 14:51:49 answering member 4065 label Biography information for Dame Jackie Doyle-Price
tabling member	410 label Biography information for Jon Trickett

731862

registered interest
date	22/06/2017
answering body	Department of Health
answering dept id	17
answering dept short name	Health
answering dept sort name	Health
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health, if he will provide an update on how sensitive data is protected in the NHS; and what steps he has taken to improve cyber-security in the NHS since the ransomware attack on 12 May 2017.
tabling member constituency	Leicester South
tabling member printed	Jonathan Ashworth
uin	780
answer	answer is ministerial correction date of answer 27/06/2017 answer text <p>Cyber resilience in the health and care system is an issue that the Government takes very seriously.</p><p> </p><p>We have changed the National Health Service standard contract to include, from April 2017, cyber security requirements.</p><p> </p><p>Evidence shows that the use of unsupported systems is continuing to reduce in health and care, as organisations replace older hardware. Latest estimates suggest the usage of Windows XP in the NHS has reduced from 15-18% at December 2015, to 4.7% of systems currently.</p><p> </p><p>The 12 May 2017 ransomware incident affected the NHS in the United Kingdom. It is standard practice to review any major incident in the NHS. Further, the Chief Information Officer for health and care is undertaking a review into the May 2017 cyber-attack which is expected to conclude in the autumn.</p><p> </p><p>The identifiable cost of emergency measures put in place to specifically address the NHS ransomware attack on 12 May 2017 was approximately £180,000. These costs were borne by NHS Digital and NHS England from internal budgets. Information relating to any expenditure incurred by individual local NHS trusts or other NHS organisations is not collected centrally.</p><p> </p><p>We do not comment more widely on matters of security.</p> answering member constituency Thurrock answering member printed Jackie Doyle-Price grouped question UIN 781 782 784 question first answered 27/06/2017 16:39:59 answering member 4065 label Biography information for Dame Jackie Doyle-Price
tabling member	4244 label Biography information for Jonathan Ashworth