Show Search Form

Search Results

registered interest	true false
date	exactly: or between: and
answering body
answering dept id
answering dept short name
answering dept sort name
hansard heading
house id
legislature	pref label
question text
tabling member constituency
tabling member printed
uin
answer	is ministerial correction true false date of answer exactly: or between: and answer text answering member constituency answering member printed attachment file name title grouped question UIN question first answered answering member label previous answer version answering member constituency answering member printed answering member label
tabling member	label

Search

1580161

registered interest
date	24/01/2023
answering body	Department of Health and Social Care
answering dept id	17
answering dept short name	Health and Social Care
answering dept sort name	Health and Social Care
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health and Social Care, pursuant to the Answer of 1 December 2022 to Question 84943 on NHS Digital: Cybersecurity, what steps he has taken to ensure that a similar cyber incident does not occur again.
tabling member constituency	Tooting
tabling member printed	Dr Rosena Allin-Khan
uin	131274
answer	answer is ministerial correction date of answer 03/02/2023 answer text <p>This incident was not targeted against the National Health Service but against Advanced, a third-party software supplier to the NHS. We have worked closely with Advanced to restore services. The majority of NHS services have now been reconnected and we are supporting the few NHS organisations still undergoing reconnecting. All but one of the affected mental health providers have now been reconnected and are in the restoration phase.</p><p>The incident has impacted data submission to the Mental Health Services Data Set (MHSDS). The MHSDS monthly publication has been reclassified as experimental statistics to reflect this. Caveats are included on the publication page to warn users when interpreting the data. The NHS Digital data liaison service and data quality teams are in regular communication with providers and continue to monitor the impact on submissions and reporting.</p> answering member constituency Colchester answering member printed Will Quince grouped question UIN 131272 question first answered 03/02/2023 13:23:45 answering member 4423 label Biography information for Will Quince
tabling member	4573 label Biography information for Dr Rosena Allin-Khan

1563429

registered interest
date	20/12/2022
answering body	Department of Health and Social Care
answering dept id	17
answering dept short name	Health and Social Care
answering dept sort name	Health and Social Care
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health and Social Care, what assessment he has made of the implications for his policies of the cyberattack on the NHS in September 2022.
tabling member constituency	Birmingham, Edgbaston
tabling member printed	Preet Kaur Gill
uin	114773
answer	answer is ministerial correction date of answer 09/01/2023 answer text <p>Following the cyber-attack in August 2022 on the third-party software supplier to health and care, Advanced, the majority of services in the National Health Service have been reconnected and we are working with Advanced to support NHS organisations that are going through the process of reconnection.</p><p>As with previous incidents, work is now being undertaken to review the response and identify lessons to support and improve the response to future incidents.</p><p>The Cyber Security Strategy for Health and Care, which will be published this year, will detail increasing focus on supply chain. This will include measures to support our critical suppliers to build resilience against attacks like the one on Advanced this Summer. By increasing regulatory control and standards, embedding stronger assurance processes and developing the tools to help health and social care organisations to triage supplier risks, it should enable us to respond more quickly and effectively to manage impact.</p> answering member constituency Colchester answering member printed Will Quince question first answered 09/01/2023 09:12:47 answering member 4423 label Biography information for Will Quince
tabling member	4603 label Biography information for Preet Kaur Gill

1236171

registered interest
date	21/09/2020
answering body	Department of Health and Social Care
answering dept id	17
answering dept short name	Health and Social Care
answering dept sort name	Health and Social Care
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health and Social Care, with reference to the recent suspected ransomware attack on a hospital in Dusseldorf, what assessment he has made of the NHS’s ability to withstand a cyber attack.
tabling member constituency	West Lancashire
tabling member printed	Rosie Cooper
uin	92740
answer	answer is ministerial correction date of answer 02/11/2020 answer text <p>Thanks to over £250 million of investment nationally by 2021, the cyber maturity and security posture of National Health Service organisations has increased over the past three years and continues to do so. Cyber attacks, including ransomware attacks, remain a major risk for the NHS and the cyber programme we have implemented has a strong focus on managing that risk.</p><p> </p><p>We are using the Data Security and Protection Toolkit (DSPT) to assess cyber security performance at an organisation level, and this information is collated nationally to help inform policy and investment decisions. The DSPT helps organisations understand their data and cyber security risks and encourages the inclusion of cyber security in business continuity planning.</p><p> </p><p>We are also helping NHS organisations increase their preparedness to recover from successful cyber attacks. During the COVID-19 response period, we have put in place additional cyber security protection for the NHS, including additional incident response capacity, a rapid remediation programme, and enhancements to the NHS Digital Cyber Security Operations Centre to increase monitoring.</p> answering member constituency Faversham and Mid Kent answering member printed Helen Whately question first answered 02/11/2020 15:43:05 answering member 4527 label Biography information for Helen Whately previous answer version 49833 answering member constituency Mid Bedfordshire answering member printed Ms Nadine Dorries answering member 1481 label Biography information for Ms Nadine Dorries
tabling member	1538 label Biography information for Rosie Cooper

1194403

registered interest
date	11/05/2020
answering body	Department of Health and Social Care
answering dept id	17
answering dept short name	Health and Social Care
answering dept sort name	Health and Social Care
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health and Social Care, what resources the Government is committing to the NHS’s cyber security protocols as part of the Government's response to the covid-19 outbreak.
tabling member constituency	Newcastle upon Tyne Central
tabling member printed	Chi Onwurah
uin	45187
answer	answer is ministerial correction date of answer 21/05/2020 answer text <p>It is not possible to completely eliminate cyber threats and cyber actors have already been seen to attempt to exploit this pandemic. It is therefore critically important that the National Health Service remains resilient to cyber-attacks. To support the NHS and further strengthen cyber resilience across the system during the COVID-19 response period, we are providing enhanced central support and additional funding to help local NHS organisations to manage their cyber risks. This includes:</p><p> </p><p>- NHSX working collaboratively with the National Cyber Security Centre and NHS Digital to rapidly understand cyber security vulnerabilities;</p><p>- a rapid remediation programme to immediately fix major cyber security vulnerabilities in high priority NHS organisations, those most critical to the COVID-19 response;</p><p>- working closely with the host organisations for the NHS Nightingale sites to review their cyber security posture and help them quickly remediate vulnerabilities; and</p><p>- increased ‘boots-on the ground’ contingency capacity for incident response.</p> answering member constituency Mid Bedfordshire answering member printed Ms Nadine Dorries question first answered 21/05/2020 11:59:40 answering member 1481 label Biography information for Ms Nadine Dorries
tabling member	4124 label Biography information for Chi Onwurah

1126877

registered interest
date	15/05/2019
answering body	Department of Health and Social Care
answering dept id	17
answering dept short name	Health and Social Care
answering dept sort name	Health and Social Care
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health and Social Care, how much the National Health Service spent on cyber security in each of the last five years.
tabling member constituency	Windsor
tabling member printed	Adam Afriyie
uin	254785
answer	answer is ministerial correction date of answer 24/05/2019 answer text <p>The information requested on cyber spending covers sensitive detail about cyber security investment for the National Health Service. In this instance, releasing this information at the level of any annual breakdown may assist in determining the effectiveness of detecting cyber-attacks on the NHS, and could compromise measures to protect NHS IT systems, leaving them vulnerable to future cyber-attacks.</p><p>However, in total, over £250 million will have been invested nationally to improve the cyber security of the health and care system between 2016 and 2021. This excludes both investment by local organisations, and wider national IT investment which supports better security such as Microsoft licensing for NHS organisations.</p><p>Regarding the steps taken to defend against cyber attacks on the NHS, the active cyber defence of NHS organisations is a local responsibility for each organisation to carry out. However, there is national support and practical guidance available to NHS organisations which is primarily delivered by NHS Digital but supported and prioritised for the highest risk organisations by NHS England and the Department. In the event of national-scale incidents that affect many health and care organisations, NHS Digital plays a vital role in coordinating and ensuring appropriate technical remediation, as part of the wider cross-system cyber security response led by the Department.</p> answering member constituency Thurrock answering member printed Jackie Doyle-Price grouped question UIN 254786 question first answered 24/05/2019 12:33:05 answering member 4065 label Biography information for Dame Jackie Doyle-Price
tabling member	1586 label Biography information for Adam Afriyie

964572

registered interest
date	03/09/2018
answering body	Department of Health and Social Care
answering dept id	17
answering dept short name	Health and Social Care
answering dept sort name	Health and Social Care
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health, what changes have been made to NHS (a) IT systems and (b) cyber security since the cyber attack in May 2017.
tabling member constituency	Bolton North East
tabling member printed	Sir David Crausby
uin	169018
answer	answer is ministerial correction date of answer 11/09/2018 answer text <p>The National Health Service is putting in place robust measures to protect IT systems against cyber-attacks. Since May 2017 the Government has invested £60 million to support NHS providers to improve their security position, with a further £150 million pledged up until 2021 to improve the NHS’s resilience against attacks.</p><p><br> The Department published its progress report in February 2018 entitled ‘Securing cyber resilience in health and care: progress update’. The report is available at the following link:</p><p> </p><p><a href="https://www.gov.uk/government/publications/securing-cyber-resilience-in-health-and-care-progress-update" target="_blank">https://www.gov.uk/government/publications/securing-cyber-resilience-in-health-and-care-progress-update</a></p><p> </p><p>Key actions taken since February 2018 include:</p><p>- signing a Windows 10 licensing agreement with Microsoft which will allow local NHS organisations to save money, reduce potential vulnerabilities and help increase cyber resilience;</p><p>- enhancing the capability of the Cyber Security Operations Centre boosting the national capability to prevent, detect and respond to cyber-attacks through the procurement of IBM as a specialist partner;</p><p>- launching the Data Security and Protection Toolkit which provides an accessible dashboard enabling trusts to track their progress in meeting the 10 Data Security Standards;</p><p>- agreeing plans to implement the recommendations of the Chief Information Officer for Health and Care’s review of the May 2017 WannaCry attack;</p><p>- provided specialist face to face security training (System Security Certified Practitioner - SSCP) for over 100 staff; and</p><p>- in May 2018 the Network and Information Security Regulations came into force which requires operators of essential services (including some NHS healthcare providers) to put appropriate security measures in place and to report significant incidents that occur.</p> answering member constituency Thurrock answering member printed Jackie Doyle-Price question first answered 11/09/2018 10:56:06 answering member 4065 label Biography information for Dame Jackie Doyle-Price
tabling member	437 label Biography information for Sir David Crausby

864429

registered interest
date	15/03/2018
answering body	Department of Health and Social Care
answering dept id	17
answering dept short name	Health and Social Care
answering dept sort name	Health and Social Care
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health and Social Care, what steps his Department has taken to improve the security of the IT systems in the NHS since the cyber attack of May 2017.
tabling member constituency	Leicester East
tabling member printed	Keith Vaz
uin	132912
answer	answer is ministerial correction date of answer 22/03/2018 answer text <p>Since the WannaCry cyber attack, the Department has taken a number of further actions, building on a programme of work led by the Department working with its arm’s-length bodies since 2010. These actions are described below:</p><p> </p><p>- The Department’s Data Security Incident Response Plan reviewed. System-wide Data and Cyber Security Operations Playbook developed - June 2017;</p><p>- Customer Support Agreement with Microsoft - June 2017;</p><p>- The Department’s response to National Data Guardian Review was published including cyber security plans - July 2017;</p><p>- NHS Digital published unsupported systems guidance - July 2017;</p><p>- E-learning package launched for National Health Service staff - July 2017;</p><p>- Data security now part of the Care Quality Commission’s (CQC’s) assessments of well led NHS trusts. General practitioners and adult social care providers followed in November - September 2017;</p><p>- 2017/18 Data Security and Protection Requirements published - October 2017;</p><p>- Text messaging relay service launched - November 2017;</p><p>- First health cyber-attack simulated table top exercise - December 2017;</p><p>- 34 of our major trauma centres and ambulance trusts completed on-site assessments - December 2017;</p><p>- 190 organisations completed on-site assessments - January 2018;</p><p>- Additional £25 million funding secured to support major trauma centres and ambulance trusts with their critical infrastructure - January 2018;</p><p>- Initial £150 million identified via reprioritisation across NHS IT portfolio to continue investment in local infrastructure and national systems and services to improve monitoring, resilience and response - January 2018;</p><p>- 100% of NHS trusts and Commissioning Support Units signed up to CareCERT Collect - January 2018;</p><p>- New Cloud guidance published - January 2018;</p><p>- New CQC unannounced cyber security inspections pilot started - February 2018; and</p><p>- All major trauma centres and ambulance trusts completed on-site assessments - February 2018.</p><p> </p><p>These actions are further described in ‘Securing cyber resilience in health and care: A progress update’ published by the Department on 1 February 2018 which can be accessed at the link below:</p><p> </p><p><a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/678484/Securing_cyber_resillience_in_health_and_care.pdf" target="_blank">https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/678484/Securing_cyber_resillience_in_health_and_care.pdf</a></p> answering member constituency Thurrock answering member printed Jackie Doyle-Price question first answered 22/03/2018 16:07:21 answering member 4065 label Biography information for Dame Jackie Doyle-Price
tabling member	338 label Biography information for Keith Vaz

794235

registered interest
date	23/11/2017
answering body	Department of Health
answering dept id	17
answering dept short name	Health
answering dept sort name	Health
hansard heading	NHS: Cybersecurity
house id	2
legislature	25277 pref label House of Lords
question text	To ask Her Majesty's Government what advice, if any, they have provided to NHS Trusts regarding the need to upgrade software and improve cyber-security.
tabling member printed	Baroness Redfern
uin	HL3553
answer	answer is ministerial correction date of answer 01/12/2017 answer text <p>The Department published <em>Your Data: Better Security, Better Choice, Better Care </em>in July 2017 in which the Government accepted the 10 Data Security Standards recommended by the National Data Guardian, Dame Fiona Caldicott. The document sets out the steps National Health Service trusts are expected to take to improve their cyber security resilience. Data Security Standard 8 specifically states that no unsupported operating systems, software or internet browsers are used within the IT estate.</p><p> </p><p>NHS Digital published in May 2017 <em>Unsupported Platforms – Good Practice Guide </em>giving trusts technical guidance on how to upgrade software and improve cyber security.</p><p> </p><p>In October 2017, the Department followed up by publishing the <em>2017/18 Data Security and Protection Requirements</em>. This document sets out the steps all health and care organisations will be expected to take in 2017/18 to demonstrate that they are implementing the 10 Data Security Standards, prior to a new assurance framework coming into place from April 2018.</p><p> </p><p>In 2015, NHS Digital established CareCERT to provide national cyber support to health and care organisations. This support includes cyber alerts with advice on software updates, direct support when cyber incidents occur, and also on-site support to assess local vulnerabilities to improve local resilience and mitigate the impact of future cyber incidents.</p><p> </p><p>The above mentioned reports are attached.</p> answering member printed Lord O'Shaughnessy attachment 1 file name Managing_the_Risk_of_Unsupported_Platforms_-_Good_Practice_Guide_230517.pdf title Managing the Risk of Unsupported Platforms 2 file name 2017-18 Data Security and Protection Requirements.pdf title 2017-18 Data Security and Protection Requirements 3 file name Your Data Better Security Better Choice Better Care Government Response.pdf title Your Data Better Security Better Choice question first answered 01/12/2017 11:45:38 answering member 4545 label Biography information for Lord O'Shaughnessy
tabling member	4551 label Biography information for Baroness Redfern

786948

registered interest
date	10/11/2017
answering body	Department of Health
answering dept id	17
answering dept short name	Health
answering dept sort name	Health
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health, what changes have been made to NHS IT systems and cyber security since the cyber attack in May 2017.
tabling member constituency	Bolton North East
tabling member printed	Sir David Crausby
uin	112274
answer	answer is ministerial correction date of answer 15/11/2017 answer text <p>The National Health Service has robust measures in place to protect against cyberattacks, and since May we have taken further action to strengthen resilience and guard against future attack, including new, unannounced cyber security inspections by the Care Quality Commission, £21 million in funding to improve resilience in trauma centres, and enhanced guidance for trusts.</p><p> </p><p>Work is underway to determine the fastest and most cost effective way to move the NHS off unsupported operating systems, and we are working with the NHS to ensure unsupported systems are urgently upgraded, removed or isolated. The Department has also signed a Customer Support Agreement with Microsoft that will issue regular patches and updates for all existing Windows devices operating with Windows XP, Windows Server 2003, and SQL 2005.</p> answering member constituency Thurrock answering member printed Jackie Doyle-Price grouped question UIN 112222 question first answered 15/11/2017 17:42:12 answering member 4065 label Biography information for Dame Jackie Doyle-Price
tabling member	437 label Biography information for Sir David Crausby

787009

registered interest
date	10/11/2017
answering body	Department of Health
answering dept id	17
answering dept short name	Health
answering dept sort name	Health
hansard heading	NHS: Cybersecurity
house id	1
legislature	25259 pref label House of Commons
question text	To ask the Secretary of State for Health, what steps have been taken (a) since the WannaCry cyberattack in May 2017 to improve IT security in NHS organisations and (b) to ensure that NHS organisations update their IT systems.
tabling member constituency	Houghton and Sunderland South
tabling member printed	Bridget Phillipson
uin	112222
answer	answer is ministerial correction date of answer 15/11/2017 answer text <p>The National Health Service has robust measures in place to protect against cyberattacks, and since May we have taken further action to strengthen resilience and guard against future attack, including new, unannounced cyber security inspections by the Care Quality Commission, £21 million in funding to improve resilience in trauma centres, and enhanced guidance for trusts.</p><p> </p><p>Work is underway to determine the fastest and most cost effective way to move the NHS off unsupported operating systems, and we are working with the NHS to ensure unsupported systems are urgently upgraded, removed or isolated. The Department has also signed a Customer Support Agreement with Microsoft that will issue regular patches and updates for all existing Windows devices operating with Windows XP, Windows Server 2003, and SQL 2005.</p> answering member constituency Thurrock answering member printed Jackie Doyle-Price grouped question UIN 112274 question first answered 15/11/2017 17:42:12 answering member 4065 label Biography information for Dame Jackie Doyle-Price
tabling member	4046 label Biography information for Bridget Phillipson