Cyber Security Resilience and Continuity of Supply

The Department of Health and Social Care (DHSC) is striving for a ‘cyber resilient’ health and adult social care system in England.

The DHSC has now published its cyber security strategy to 2030 as it works towards a cyber resilient health and social care sector.

In an increasingly digitised health and social care system, technology and data are critical to providing effective care. Cyber security is the protection of devices, services and networks and the information on them from theft or damage. It is an essential enabler of that care, assuring the safety of patients and of people and their families drawing on care in the community.

See our Useful Links section for a link to the full policy paper details.

This cyber strategy sets out a vision for reducing the cyber security risk to health and social care organisations, protecting patient, service user and staff data, and implementing measures to ensure organisations are able to recover quickly from cyber attacks when they do occur.

The Department of Health and Social Care (DHSC) Continuity of Supply team has engaged Government stakeholders to build knowledge of cyber security and improve its ability to respond to future cyber threats.

The DHSC are keen to embed this knowledge and share with supply chain suppliers to enhance resilience to any future incident.

What is a cyber incident?

The National Cyber Security Centre (NCSC) defines a cyber incident as a ‘breach of a system’s security policy in order to affect its integrity or availability and/or the unauthorised access or attempted access to a system or systems’. This includes ransomware and phishing.

Why is it a problem?

Cyber attacks have increased significantly because of the COVID-19 pandemic given the increased use of digital platforms. The NCSC identified more ransomware attacks in the first four months of 2021 than the whole of 2020.

What are the impacts?

Aside from the financial costs, cyber breaches in the health sector lead to significant reputational damage for the company, its supply chain, and the health system as a whole.

How does digitisation and automation increase cyber vulnerability?

• Digitisation and automation has become more widespread, especially given the pandemic and labour shortages.
• Companies are increasingly contracting out technological solutions to retain an online presence and/or using automation.
• This weakens cyber security assurance as there is less visibility of the supply chain.
• Cyber crime is more susceptible across the entire supply chain.

Who can suppliers contact in the event of a cyber incident?

The NCSC reporting tool allows companies to log cyber incidents whether it is for information purposes or as a request for assistance.

Cyber incidents that threaten the supply of products to the NHS can also be reported to the Cyber Security Operations Centre (CSOC) , Data Security Centre or NHS Digital.