{ "format" : "linked-data-api", "version" : "0.2", "result" : {"_about" : "http://eldaddp.azurewebsites.net/answeredquestions.text?max-ddpModified.=2019-05-21T17%3A45%3A14.748Z&answer.isMinisterialCorrection=false&max-date=2019-05-21&hansardHeading=NHS%3A+Cybersecurity", "definition" : "http://eldaddp.azurewebsites.net/meta/answeredquestions.text?max-ddpModified.=2019-05-21T17%3A45%3A14.748Z&answer.isMinisterialCorrection=false&max-date=2019-05-21&hansardHeading=NHS%3A+Cybersecurity", "extendedMetadataVersion" : "http://eldaddp.azurewebsites.net/answeredquestions.text?max-ddpModified.=2019-05-21T17%3A45%3A14.748Z&answer.isMinisterialCorrection=false&max-date=2019-05-21&_metadata=all&hansardHeading=NHS%3A+Cybersecurity", "first" : "http://eldaddp.azurewebsites.net/answeredquestions.text?_page=0&max-ddpModified.=2019-05-21T17%3A45%3A14.748Z&answer.isMinisterialCorrection=false&max-date=2019-05-21&hansardHeading=NHS%3A+Cybersecurity", "hasPart" : "http://eldaddp.azurewebsites.net/answeredquestions.text?max-ddpModified.=2019-05-21T17%3A45%3A14.748Z&answer.isMinisterialCorrection=false&max-date=2019-05-21&hansardHeading=NHS%3A+Cybersecurity", "isPartOf" : "http://eldaddp.azurewebsites.net/answeredquestions.text?max-ddpModified.=2019-05-21T17%3A45%3A14.748Z&answer.isMinisterialCorrection=false&max-date=2019-05-21&hansardHeading=NHS%3A+Cybersecurity", "items" : [{"_about" : "http://data.parliament.uk/resources/1126877", "AnsweringBody" : [{"_value" : "Department of Health and Social Care"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/1126877/answer", "answerText" : {"_value" : "

The information requested on cyber spending covers sensitive detail about cyber security investment for the National Health Service. In this instance, releasing this information at the level of any annual breakdown may assist in determining the effectiveness of detecting cyber-attacks on the NHS, and could compromise measures to protect NHS IT systems, leaving them vulnerable to future cyber-attacks.<\/p>

However, in total, over £250 million will have been invested nationally to improve the cyber security of the health and care system between 2016 and 2021. This excludes both investment by local organisations, and wider national IT investment which supports better security such as Microsoft licensing for NHS organisations.<\/p>

Regarding the steps taken to defend against cyber attacks on the NHS, the active cyber defence of NHS organisations is a local responsibility for each organisation to carry out. However, there is national support and practical guidance available to NHS organisations which is primarily delivered by NHS Digital but supported and prioritised for the highest risk organisations by NHS England and the Department. In the event of national-scale incidents that affect many health and care organisations, NHS Digital plays a vital role in coordinating and ensuring appropriate technical remediation, as part of the wider cross-system cyber security response led by the Department.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/4065", "label" : {"_value" : "Biography information for Dame Jackie Doyle-Price"} } , "answeringMemberConstituency" : {"_value" : "Thurrock"} , "answeringMemberPrinted" : {"_value" : "Jackie Doyle-Price"} , "dateOfAnswer" : {"_value" : "2019-05-24", "_datatype" : "dateTime"} , "groupedQuestionUIN" : {"_value" : "254786"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2019-05-24T12:33:05.65Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "17"} , "answeringDeptShortName" : {"_value" : "Health and Social Care"} , "answeringDeptSortName" : {"_value" : "Health and Social Care"} , "date" : {"_value" : "2019-05-15", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "NHS: Cybersecurity"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Secretary of State for Health and Social Care, how much the National Health Service spent on cyber security in each of the last five years.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/1586", "label" : {"_value" : "Biography information for Adam Afriyie"} } , "tablingMemberConstituency" : {"_value" : "Windsor"} , "tablingMemberPrinted" : [{"_value" : "Adam Afriyie"} ], "uin" : "254785"} , {"_about" : "http://data.parliament.uk/resources/964572", "AnsweringBody" : [{"_value" : "Department of Health and Social Care"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/964572/answer", "answerText" : {"_value" : "

The National Health Service is putting in place robust measures to protect IT systems against cyber-attacks. Since May 2017 the Government has invested £60 million to support NHS providers to improve their security position, with a further £150 million pledged up until 2021 to improve the NHS\u2019s resilience against attacks.<\/p>


The Department published its progress report in February 2018 entitled \u2018Securing cyber resilience in health and care: progress update\u2019. The report is available at the following link:<\/p>

<\/p>

https://www.gov.uk/government/publications/securing-cyber-resilience-in-health-and-care-progress-update<\/a><\/p>

<\/p>

Key actions taken since February 2018 include:<\/p>

- signing a Windows 10 licensing agreement with Microsoft which will allow local NHS organisations to save money, reduce potential vulnerabilities and help increase cyber resilience;<\/p>

- enhancing the capability of the Cyber Security Operations Centre boosting the national capability to prevent, detect and respond to cyber-attacks through the procurement of IBM as a specialist partner;<\/p>

- launching the Data Security and Protection Toolkit which provides an accessible dashboard enabling trusts to track their progress in meeting the 10 Data Security Standards;<\/p>

- agreeing plans to implement the recommendations of the Chief Information Officer for Health and Care\u2019s review of the May 2017 WannaCry attack;<\/p>

- provided specialist face to face security training (System Security Certified Practitioner - SSCP) for over 100 staff; and<\/p>

- in May 2018 the Network and Information Security Regulations came into force which requires operators of essential services (including some NHS healthcare providers) to put appropriate security measures in place and to report significant incidents that occur.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/4065", "label" : {"_value" : "Biography information for Dame Jackie Doyle-Price"} } , "answeringMemberConstituency" : {"_value" : "Thurrock"} , "answeringMemberPrinted" : {"_value" : "Jackie Doyle-Price"} , "dateOfAnswer" : {"_value" : "2018-09-11", "_datatype" : "dateTime"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2018-09-11T10:56:06.307Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "17"} , "answeringDeptShortName" : {"_value" : "Health and Social Care"} , "answeringDeptSortName" : {"_value" : "Health and Social Care"} , "date" : {"_value" : "2018-09-03", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "NHS: Cybersecurity"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Secretary of State for Health, what changes have been made to NHS (a) IT systems and (b) cyber security since the cyber attack in May 2017.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/437", "label" : {"_value" : "Biography information for Sir David Crausby"} } , "tablingMemberConstituency" : {"_value" : "Bolton North East"} , "tablingMemberPrinted" : [{"_value" : "Sir David Crausby"} ], "uin" : "169018"} , {"_about" : "http://data.parliament.uk/resources/864429", "AnsweringBody" : [{"_value" : "Department of Health and Social Care"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/864429/answer", "answerText" : {"_value" : "

Since the WannaCry cyber attack, the Department has taken a number of further actions, building on a programme of work led by the Department working with its arm\u2019s-length bodies since 2010. These actions are described below:<\/p>

<\/p>

- The Department\u2019s Data Security Incident Response Plan reviewed. System-wide Data and Cyber Security Operations Playbook developed - June 2017;<\/p>

- Customer Support Agreement with Microsoft - June 2017;<\/p>

- The Department\u2019s response to National Data Guardian Review was published including cyber security plans - July 2017;<\/p>

- NHS Digital published unsupported systems guidance - July 2017;<\/p>

- E-learning package launched for National Health Service staff - July 2017;<\/p>

- Data security now part of the Care Quality Commission\u2019s (CQC\u2019s) assessments of well led NHS trusts. General practitioners and adult social care providers followed in November - September 2017;<\/p>

- 2017/18 Data Security and Protection Requirements published - October 2017;<\/p>

- Text messaging relay service launched - November 2017;<\/p>

- First health cyber-attack simulated table top exercise - December 2017;<\/p>

- 34 of our major trauma centres and ambulance trusts completed on-site assessments - December 2017;<\/p>

- 190 organisations completed on-site assessments - January 2018;<\/p>

- Additional £25 million funding secured to support major trauma centres and ambulance trusts with their critical infrastructure - January 2018;<\/p>

- Initial £150 million identified via reprioritisation across NHS IT portfolio to continue investment in local infrastructure and national systems and services to improve monitoring, resilience and response - January 2018;<\/p>

- 100% of NHS trusts and Commissioning Support Units signed up to CareCERT Collect - January 2018;<\/p>

- New Cloud guidance published - January 2018;<\/p>

- New CQC unannounced cyber security inspections pilot started - February 2018; and<\/p>

- All major trauma centres and ambulance trusts completed on-site assessments - February 2018.<\/p>

<\/p>

These actions are further described in \u2018Securing cyber resilience in health and care: A progress update\u2019 published by the Department on 1 February 2018 which can be accessed at the link below:<\/p>

<\/p>

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/678484/Securing_cyber_resillience_in_health_and_care.pdf<\/a><\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/4065", "label" : {"_value" : "Biography information for Dame Jackie Doyle-Price"} } , "answeringMemberConstituency" : {"_value" : "Thurrock"} , "answeringMemberPrinted" : {"_value" : "Jackie Doyle-Price"} , "dateOfAnswer" : {"_value" : "2018-03-22", "_datatype" : "dateTime"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2018-03-22T16:07:21.517Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "17"} , "answeringDeptShortName" : {"_value" : "Health and Social Care"} , "answeringDeptSortName" : {"_value" : "Health and Social Care"} , "date" : {"_value" : "2018-03-15", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "NHS: Cybersecurity"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Secretary of State for Health and Social Care, what steps his Department has taken to improve the security of the IT systems in the NHS since the cyber attack of May 2017.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/338", "label" : {"_value" : "Biography information for Keith Vaz"} } , "tablingMemberConstituency" : {"_value" : "Leicester East"} , "tablingMemberPrinted" : [{"_value" : "Keith Vaz"} ], "uin" : "132912"} , {"_about" : "http://data.parliament.uk/resources/794235", "AnsweringBody" : [{"_value" : "Department of Health"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/794235/answer", "answerText" : {"_value" : "

The Department published Your Data: Better Security, Better Choice, Better Care <\/em>in July 2017 in which the Government accepted the 10 Data Security Standards recommended by the National Data Guardian, Dame Fiona Caldicott. The document sets out the steps National Health Service trusts are expected to take to improve their cyber security resilience. Data Security Standard 8 specifically states that no unsupported operating systems, software or internet browsers are used within the IT estate.<\/p>

<\/p>

NHS Digital published in May 2017 Unsupported Platforms \u2013 Good Practice Guide <\/em>giving trusts technical guidance on how to upgrade software and improve cyber security.<\/p>

<\/p>

In October 2017, the Department followed up by publishing the 2017/18 Data Security and Protection Requirements<\/em>. This document sets out the steps all health and care organisations will be expected to take in 2017/18 to demonstrate that they are implementing the 10 Data Security Standards, prior to a new assurance framework coming into place from April 2018.<\/p>

<\/p>

In 2015, NHS Digital established CareCERT to provide national cyber support to health and care organisations. This support includes cyber alerts with advice on software updates, direct support when cyber incidents occur, and also on-site support to assess local vulnerabilities to improve local resilience and mitigate the impact of future cyber incidents.<\/p>

<\/p>

The above mentioned reports are attached.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/4545", "label" : {"_value" : "Biography information for Lord O'Shaughnessy"} } , "answeringMemberPrinted" : {"_value" : "Lord O'Shaughnessy"} , "attachment" : [{"_about" : "http://data.parliament.uk/resources/794235/answer/attachment/1", "fileName" : {"_value" : "Managing_the_Risk_of_Unsupported_Platforms_-_Good_Practice_Guide_230517.pdf"} , "title" : "Managing the Risk of Unsupported Platforms"} , {"_about" : "http://data.parliament.uk/resources/794235/answer/attachment/2", "fileName" : {"_value" : "2017-18 Data Security and Protection Requirements.pdf"} , "title" : "2017-18 Data Security and Protection Requirements"} , {"_about" : "http://data.parliament.uk/resources/794235/answer/attachment/3", "fileName" : {"_value" : "Your Data Better Security Better Choice Better Care Government Response.pdf"} , "title" : "Your Data Better Security Better Choice"} ], "dateOfAnswer" : {"_value" : "2017-12-01", "_datatype" : "dateTime"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2017-12-01T11:45:38.277Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "17"} , "answeringDeptShortName" : {"_value" : "Health"} , "answeringDeptSortName" : {"_value" : "Health"} , "date" : {"_value" : "2017-11-23", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "NHS: Cybersecurity"} , "houseId" : {"_value" : "2"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25277", "prefLabel" : {"_value" : "House of Lords"} } ], "questionText" : "To ask Her Majesty's Government what advice, if any, they have provided to NHS Trusts regarding the need to upgrade software and improve cyber-security.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/4551", "label" : {"_value" : "Biography information for Baroness Redfern"} } , "tablingMemberPrinted" : [{"_value" : "Baroness Redfern"} ], "uin" : "HL3553"} , {"_about" : "http://data.parliament.uk/resources/786948", "AnsweringBody" : [{"_value" : "Department of Health"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/786948/answer", "answerText" : {"_value" : "

The National Health Service has robust measures in place to protect against cyberattacks, and since May we have taken further action to strengthen resilience and guard against future attack, including new, unannounced cyber security inspections by the Care Quality Commission, £21 million in funding to improve resilience in trauma centres, and enhanced guidance for trusts.<\/p>

<\/p>

Work is underway to determine the fastest and most cost effective way to move the NHS off unsupported operating systems, and we are working with the NHS to ensure unsupported systems are urgently upgraded, removed or isolated. The Department has also signed a Customer Support Agreement with Microsoft that will issue regular patches and updates for all existing Windows devices operating with Windows XP, Windows Server 2003, and SQL 2005.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/4065", "label" : {"_value" : "Biography information for Dame Jackie Doyle-Price"} } , "answeringMemberConstituency" : {"_value" : "Thurrock"} , "answeringMemberPrinted" : {"_value" : "Jackie Doyle-Price"} , "dateOfAnswer" : {"_value" : "2017-11-15", "_datatype" : "dateTime"} , "groupedQuestionUIN" : {"_value" : "112222"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2017-11-15T17:42:12.387Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "17"} , "answeringDeptShortName" : {"_value" : "Health"} , "answeringDeptSortName" : {"_value" : "Health"} , "date" : {"_value" : "2017-11-10", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "NHS: Cybersecurity"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Secretary of State for Health, what changes have been made to NHS IT systems and cyber security since the cyber attack in May 2017.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/437", "label" : {"_value" : "Biography information for Sir David Crausby"} } , "tablingMemberConstituency" : {"_value" : "Bolton North East"} , "tablingMemberPrinted" : [{"_value" : "Sir David Crausby"} ], "uin" : "112274"} , {"_about" : "http://data.parliament.uk/resources/787009", "AnsweringBody" : [{"_value" : "Department of Health"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/787009/answer", "answerText" : {"_value" : "

The National Health Service has robust measures in place to protect against cyberattacks, and since May we have taken further action to strengthen resilience and guard against future attack, including new, unannounced cyber security inspections by the Care Quality Commission, £21 million in funding to improve resilience in trauma centres, and enhanced guidance for trusts.<\/p>

<\/p>

Work is underway to determine the fastest and most cost effective way to move the NHS off unsupported operating systems, and we are working with the NHS to ensure unsupported systems are urgently upgraded, removed or isolated. The Department has also signed a Customer Support Agreement with Microsoft that will issue regular patches and updates for all existing Windows devices operating with Windows XP, Windows Server 2003, and SQL 2005.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/4065", "label" : {"_value" : "Biography information for Dame Jackie Doyle-Price"} } , "answeringMemberConstituency" : {"_value" : "Thurrock"} , "answeringMemberPrinted" : {"_value" : "Jackie Doyle-Price"} , "dateOfAnswer" : {"_value" : "2017-11-15", "_datatype" : "dateTime"} , "groupedQuestionUIN" : {"_value" : "112274"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2017-11-15T17:42:12.323Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "17"} , "answeringDeptShortName" : {"_value" : "Health"} , "answeringDeptSortName" : {"_value" : "Health"} , "date" : {"_value" : "2017-11-10", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "NHS: Cybersecurity"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Secretary of State for Health, what steps have been taken (a) since the WannaCry cyberattack in May 2017 to improve IT security in NHS organisations and (b) to ensure that NHS organisations update their IT systems.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/4046", "label" : {"_value" : "Biography information for Bridget Phillipson"} } , "tablingMemberConstituency" : {"_value" : "Houghton and Sunderland South"} , "tablingMemberPrinted" : [{"_value" : "Bridget Phillipson"} ], "uin" : "112222"} , {"_about" : "http://data.parliament.uk/resources/787010", "AnsweringBody" : [{"_value" : "Department of Health"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/787010/answer", "answerText" : {"_value" : "

A new e-learning package has been produced for staff in the health and care system, with sections covering risks and responsibilities with regards to cyber security.<\/p>

<\/p>

The Department is working with the National Cyber Security Centre, NHS England, NHS Digital and NHS Improvement to prepare and rehearse incident response plans and take action to strengthen communications when core computer systems are affected by cyber security incidents.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/4065", "label" : {"_value" : "Biography information for Dame Jackie Doyle-Price"} } , "answeringMemberConstituency" : {"_value" : "Thurrock"} , "answeringMemberPrinted" : {"_value" : "Jackie Doyle-Price"} , "dateOfAnswer" : {"_value" : "2017-11-15", "_datatype" : "dateTime"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2017-11-15T17:40:47.683Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "17"} , "answeringDeptShortName" : {"_value" : "Health"} , "answeringDeptSortName" : {"_value" : "Health"} , "date" : {"_value" : "2017-11-10", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "NHS: Cybersecurity"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Secretary of State for Health, what steps have been taken to educate NHS staff on how to minimise vulnerability to cyberattacks.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/4046", "label" : {"_value" : "Biography information for Bridget Phillipson"} } , "tablingMemberConstituency" : {"_value" : "Houghton and Sunderland South"} , "tablingMemberPrinted" : [{"_value" : "Bridget Phillipson"} ], "uin" : "112223"} , {"_about" : "http://data.parliament.uk/resources/758222", "AnsweringBody" : [{"_value" : "Department of Health"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/758222/answer", "answerText" : {"_value" : "

The global WannaCry cyber attack in May 2017 has reaffirmed the potential for cyber incidents to impact directly on patient care and the need for our health and care system to act decisively to minimise the impact on essential front-line services. Weak passwords were not a vulnerability exploited in the WannaCry attack.<\/p>

<\/p>

Passwords are one element of ensuring the cyber security of National Health Service organisations, and improving them is part of a wider set of standards as introduced in the Government\u2019s response Your Data: Better Security, Better Choice, Better Care published on 12 July 2017. The Government\u2019s response accepts the 10 Data Security Standards recommended by the National Data Guardian. A copy of the response is available at the following link:<\/p>

https://www.gov.uk/government/news/government-responds-on-cyber-security-and-data<\/a><\/p>

<\/p>

The NHS contract has been changed so that NHS organisations are formally required to adopt data security standards including security training for staff and annual reviews of processes.<\/p>

NHS Digital is supporting local organisations to strengthen cyber security by sharing best practice across the health and care system and carrying out on-site assessments.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/4065", "label" : {"_value" : "Biography information for Dame Jackie Doyle-Price"} } , "answeringMemberConstituency" : {"_value" : "Thurrock"} , "answeringMemberPrinted" : {"_value" : "Jackie Doyle-Price"} , "dateOfAnswer" : {"_value" : "2017-09-11", "_datatype" : "dateTime"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2017-09-11T14:37:53.753Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "17"} , "answeringDeptShortName" : {"_value" : "Health"} , "answeringDeptSortName" : {"_value" : "Health"} , "date" : {"_value" : "2017-09-06", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "NHS: Cybersecurity"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Secretary of State for Health, what steps his Department has taken to improve the security of NHS passwords since the WannaCry cyber attack in May 2017.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/4244", "label" : {"_value" : "Biography information for Jonathan Ashworth"} } , "tablingMemberConstituency" : {"_value" : "Leicester South"} , "tablingMemberPrinted" : [{"_value" : "Jonathan Ashworth"} ], "uin" : "9272"} , {"_about" : "http://data.parliament.uk/resources/755816", "AnsweringBody" : [{"_value" : "Department of Health"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/755816/answer", "answerText" : {"_value" : "

The Department developed an immediate response plan, working with the National Cyber Security Centre, NHS Digital, NHS England, NHS Improvement, and the Care Quality Commission.<\/p>

<\/p>

Your Data: Better Security, Better Choice, Better Care is the Government\u2019s Response to data security and was published in July 2017. This document accepts the 10 Data Security Standards proposed by Dame Fiona Caldicott, the National Data Guardian, and sets out the timescales for how the Government plans to deliver key actions on cyber security and data sharing in a high level implementation plan.<\/p>

<\/p>

The immediate response plan and the high level implementation plan is being taken forward as part of the formal Data and Cyber Security Programme which includes a range of measures to build resilience and responsiveness to the health and care sector against a cyber attack.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/4065", "label" : {"_value" : "Biography information for Dame Jackie Doyle-Price"} } , "answeringMemberConstituency" : {"_value" : "Thurrock"} , "answeringMemberPrinted" : {"_value" : "Jackie Doyle-Price"} , "dateOfAnswer" : {"_value" : "2017-09-12", "_datatype" : "dateTime"} , "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2017-09-12T14:51:49.01Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "17"} , "answeringDeptShortName" : {"_value" : "Health"} , "answeringDeptSortName" : {"_value" : "Health"} , "date" : {"_value" : "2017-09-04", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "NHS: Cybersecurity"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Secretary of State for Health, what changes have been made to the NHS' cyber security following the cyber attack in May 2017.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/410", "label" : {"_value" : "Biography information for Jon Trickett"} } , "tablingMemberConstituency" : {"_value" : "Hemsworth"} , "tablingMemberPrinted" : [{"_value" : "Jon Trickett"} ], "uin" : "7028"} , {"_about" : "http://data.parliament.uk/resources/731862", "AnsweringBody" : [{"_value" : "Department of Health"} ], "answer" : {"_about" : "http://data.parliament.uk/resources/731862/answer", "answerText" : {"_value" : "

Cyber resilience in the health and care system is an issue that the Government takes very seriously.<\/p>

<\/p>

We have changed the National Health Service standard contract to include, from April 2017, cyber security requirements.<\/p>

<\/p>

Evidence shows that the use of unsupported systems is continuing to reduce in health and care, as organisations replace older hardware. Latest estimates suggest the usage of Windows XP in the NHS has reduced from 15-18% at December 2015, to 4.7% of systems currently.<\/p>

<\/p>

The 12 May 2017 ransomware incident affected the NHS in the United Kingdom. It is standard practice to review any major incident in the NHS. Further, the Chief Information Officer for health and care is undertaking a review into the May 2017 cyber-attack which is expected to conclude in the autumn.<\/p>

<\/p>

The identifiable cost of emergency measures put in place to specifically address the NHS ransomware attack on 12 May 2017 was approximately £180,000. These costs were borne by NHS Digital and NHS England from internal budgets. Information relating to any expenditure incurred by individual local NHS trusts or other NHS organisations is not collected centrally.<\/p>

<\/p>

We do not comment more widely on matters of security.<\/p>"} , "answeringMember" : {"_about" : "http://data.parliament.uk/members/4065", "label" : {"_value" : "Biography information for Dame Jackie Doyle-Price"} } , "answeringMemberConstituency" : {"_value" : "Thurrock"} , "answeringMemberPrinted" : {"_value" : "Jackie Doyle-Price"} , "dateOfAnswer" : {"_value" : "2017-06-27", "_datatype" : "dateTime"} , "groupedQuestionUIN" : [{"_value" : "781"} , {"_value" : "782"} , {"_value" : "784"} ], "isMinisterialCorrection" : {"_value" : "false", "_datatype" : "boolean"} , "questionFirstAnswered" : [{"_value" : "2017-06-27T16:39:59.363Z", "_datatype" : "dateTime"} ]} , "answeringDeptId" : {"_value" : "17"} , "answeringDeptShortName" : {"_value" : "Health"} , "answeringDeptSortName" : {"_value" : "Health"} , "date" : {"_value" : "2017-06-22", "_datatype" : "dateTime"} , "hansardHeading" : {"_value" : "NHS: Cybersecurity"} , "houseId" : {"_value" : "1"} , "legislature" : [{"_about" : "http://data.parliament.uk/terms/25259", "prefLabel" : {"_value" : "House of Commons"} } ], "questionText" : "To ask the Secretary of State for Health, if he will provide an update on how sensitive data is protected in the NHS; and what steps he has taken to improve cyber-security in the NHS since the ransomware attack on 12 May 2017.", "registeredInterest" : {"_value" : "false", "_datatype" : "boolean"} , "tablingMember" : {"_about" : "http://data.parliament.uk/members/4244", "label" : {"_value" : "Biography information for Jonathan Ashworth"} } , "tablingMemberConstituency" : {"_value" : "Leicester South"} , "tablingMemberPrinted" : [{"_value" : "Jonathan Ashworth"} ], "uin" : "780"} ], "itemsPerPage" : 10, "next" : "http://eldaddp.azurewebsites.net/answeredquestions.text?_page=1&max-ddpModified.=2019-05-21T17%3A45%3A14.748Z&answer.isMinisterialCorrection=false&max-date=2019-05-21&hansardHeading=NHS%3A+Cybersecurity", "page" : 0, "startIndex" : 1, "totalResults" : 13, "type" : ["http://purl.org/linked-data/api/vocab#ListEndpoint", "http://purl.org/linked-data/api/vocab#Page"]} }