4 minute read
NEWS: Cyber Security Strategy
Cyber Securi Strategy for Adult Social Care to 2030
Advertisement
Published on March 22nd 2023 by Katie Thorn Blog from Phil Huggins, National CISO For Health & Social Care, Joint Digital Policy and Strategy Unit, NHS Transformation Directorate | DHSC
The Cyber Security Strategy for Health and Adult Social Care to 2030 has been published today (22/03/23).
The strategy sets out a vision to 2030 for a health and social care sector that is resilient to cyber-attack. It establishes cyber security as a foundational business need to ensuring patient and service user safety. Improved cyber resilience will assure availability of services, protect valuable data, enable quicker response and recovery when attacks do occur, and increase public trust.
I am incredibly happy to announce the publication the Cyber Security Strategy for Health and Adult Social Care to 2030. It has been a long journey to reach this milestone and I am pleased that we can now share our joint approach to tackling cyber security risk across the adult social care system.
With a direct focus on adult social care, this strategy builds on success through our community-led approach for cyber security. Working with the sector, and in lockstep with its digital journey, we will continue to address the sector’s specific challenges and respect its organisations’ independence and diversity Using a community–led approach we intend to mainstream adult social care across some of our central cyber functions
This is just the beginning, and it is important to me that we work together so that you can understand the detail of the model and that you are empowered to deliver its proposals
A unified and collaborative approach is key to improving sector-wide cyber security, ensuring we can ‘defend as one’ across the entire system We have taken into consideration the complexities of the adult social care system and we recognise that a balanced approach is needed to account for specific needs and varying cyber capabilities while defending as one. We want to work with you to ensure we move forwards together.
This ambitious strategy envisages a health and social care sector that is resilient to cyber-attack
Shaping a common purpose and language for tackling cyber risk, this strategy is in the health and adult social care sector and for the wider public who rely on tho Improved cyber resilience will assure availability of services, protect valuable dat response and recovery when attacks do occur, and increase public trust. As such foundational business need to ensuring patient and service user safety.
The strategy docks under the Government Cyber Security Strategy 2022 to 2030, whilst also cross-referencing the aims and learnings from strategies and reports such as, but not limited to, Data Saves Lives, A Plan for Digital Health and Care It builds on the success of the community led approach for cyber security that has been developed through the Better Security, Better Care programme It speaks to the importance of cyber security in underwriting public trust in digital services and technologies and the significance of this public trust for innovation.
The strategy sets out five complementary pillars to achieve this vision, with an approach that will be applicable across health and social care systems including for adult social care, primary care, and our critical supply chain as well as for secondary care. The five pillars are:
● focus on greatest risks and harms
● defend as one
● people and culture
● build secure for the future
● exemplary response and recovery
Working collaboratively with national and regional teams, Better Security Better Care’s local support organisations, integrated care systems, health and care leaders, and cyber security staff, and in accordance with the roles and responsibilities set under each pillar, together we can be confident in achieving these outcomes. While this is a strategy to 2030, it contains specific deliverables to 2025 and will be accompanied in Summer 2023 by a published implementation plan setting out activity for the next 2 to 3 years to make improvements across the four Cyber Assessment Framework objectives
I look forward to continuing to build our relationships across the adult social care sector as we turn to implementation of our vision If you have any questions, please reach out to england.cyberstrategy@nhs.net
The attack is the third on schools in West Sussex over the past week. Two schools in Chichester have been subjected to major ransomeware attacks. One of them – Bishop Luffa – confirmed that hackers were holding a huge amount of sensitive data to ransom but said the school was not in a position to pay https://www.sussexexpress.co.uk/news/hackers-target-horsham-school-in-malicious-cyber-attack
Tanbridge House School sent out a letter to parents this week saying that hacking of its systems had had ‘ a big impact on the normal running of the school this week’ but that computers were being reconfigured.
In the letter Mark Sheridan said: “We now understand there to have been a malicious access of our school computer systems from an outside party.
“This incident continues to be fully investigated by our external IT security team. They have told us that while the hackers managed to gain access and lock us out of all of our systems, no evidence has been found of any breach of data or compromise of sensitive information.
“IT security staff were quickly on site to shut down our computer systems and we reported the incident to the Information Commissioner’s Office, who have given us the advice we are now following.
“While this has had a big impact on the normal running of our school this week, our IT team have been busy building an enhanced, secure system for students and staff to use. Over 300 computers have been reconfigured already. This process will be ongoing and continuing over the weekend.
“We will be issuing new login details to all students and staff from Monday March 20, and we hope to be fully back up and running early next week.
What would you do if this was your organisation?
