Cyber Security Resilience and Continuity of Supply

The Department of Health and Social Care (DHSC) Continuity of Supply team has engaged Government stakeholders to build knowledge of cyber security and improve its ability to respond to future cyber threats.

The DHSC are keen to embed this knowledge and share with supply chain suppliers to enhance resilience to any future incident.

What is a cyber incident?

The National Cyber Security Centre (NCSC) defines a cyber incident as a ‘breach of a system’s security policy in order to affect its integrity or availability and/or the unauthorised access or attempted access to a system or systems’. This includes ransomware and phishing.

Why is it a problem?

Cyber attacks have increased significantly because of the COVID-19 pandemic given the increased use of digital platforms. The NCSC identified more ransomware attacks in the first four months of 2021 than the whole of 2020.

What are the impacts?

Aside from the financial costs, cyber breaches in the health sector lead to significant reputational damage for the company, its supply chain, and the health system as a whole.

How does digitisation and automation increase cyber vulnerability?

• Digitisation and automation has become more widespread, especially given the pandemic and labour shortages.
• Companies are increasingly contracting out technological solutions to retain an online presence and/or using automation.
• This weakens cyber security assurance as there is less visibility of the supply chain.
• Cyber crime is more susceptible across the entire supply chain.

Who can suppliers contact in the event of a cyber incident?

The NCSC reporting tool allows companies to log cyber incidents whether it is for information purposes or as a request for assistance.

Cyber incidents that threaten the supply of products to the NHS can also be reported to the Cyber Security Operations Centre (CSOC) , Data Security Centre or NHS Digital.