Are you a client?
Sign in to view the full news archive.
In a move to shore up the UK’s health system against escalating cyber threats, senior NHS officials have issued an open letter to all current and prospective suppliers. The letter calls for alignment with a new voluntary Cyber Security Charter designed to harden the NHS’s digital defences.
Signed by Phil Huggins, National CISO for Health and Care, alongside NHS England’s Mike Fell (Director of Cyber Operations) and Vin Diwakar (National Director of Transformation), the letter warns of a “step change” in cyber threats. It follows a number of disruptive cyber-attacks on the NHS and its suppliers over the past year including the ransomware attack on pathology supplier Synnovis that led to the cancellation of thousands of appointments (See - London hospitals hit by ransomware attack) and data theft and ransom at NHS Dumfries and Galloway (See - NHS Scotland receives ransom demand to prevent data leak).
The Cyber Security Charter outlines robust best practices suppliers are urged to adopt, including multi-factor authentication, 24/7 monitoring, immutable backups, board-level cyber risk exercises, and compliance with the Data Security and Protection Toolkit (DSPT). Software vendors are expected to conform to the National Cyber Security Centre’s secure development code.
The charter remains non-binding, offering no procurement advantage, but is an important element of the effort to ‘defend as one’ in the NHS. The letter also points to the Cyber Security and Resilience Bill, to be submitted to Parliament this year, which aims to expand the remit of cyber regulation (See - Government outlines new Cyber Security and Resilience Bill). The Charter is due to launch officially later this year with a self-assessment mechanism. In the meantime, NHS England is laying groundwork for a national supplier management platform and a cyber supplier forum, aiming to unify security expectations across its ecosystem.
While signing the charter itself will be a matter of course for technology suppliers, what the letter really highlights is the focus the NHS is placing on cyber security. The opportunity to showcase how NHS technology suppliers not only meet, but exceed, the security requirements set out, will be an opportunity and highlights that alongside AI, cyber security remains a crucial area for differentiation and growth.
Posted by: Simon Baxter at 08:21