NHS: Cybersecurity Debate
Full Debate: Read Full DebateDepartment: Department of Health and Social Care
Baroness Brinton
Main Page: Baroness Brinton (Liberal Democrat - Life peer)Department Debates - View all Baroness Brinton's debates with the Department of Health and Social Care
(6 years ago)
Lords ChamberRead Full debate Read Hansard Text Read Debate Ministerial Extracts
Lord O'Shaughnessy
The PAC review found that the use of Windows XP was at the heart of the problem, as an unsupported and unpatched system. Several things have happened as a consequence. First, XP usage has gone down from 18% in 2015 to 1.7% now. We also have a customer support agreement with Microsoft now and are transitioning to Windows 10, which is of course fully supported and much more secure. We also have a system now called cursor collect. The notifications that go out, called cursor notifications, are due to be acted on within 48 hours. That exposes the fact that we did not have a way of tracking that. We now have a way of tracking that and enforcing action at trust level. So there is a much higher degree of security than there was. Of course, no security is ever perfect and our vigilance carries on.
Baroness Brinton (LD)
My Lords, in Scotland it is possible for your records to be transferred from one hospital to another or from your GP to your hospital without any consequences at all. One of the concerning things about the Public Accounts Committee report is the systemic failures in IT overall in NHS England. One example is where regional hospital A cannot receive data from district hospital B, even if it is a simple blood test, because they use different systems; the consultant I spoke to said that he actually advises people to use faxes. This is our NHS in the 21st century.
Lord O'Shaughnessy
The noble Baroness is highlighting a historic problem about interoperability between different bits of the NHS in England. That is absolutely fair enough. I would highlight two things that we are doing. First, the National Data Guardian for Health and Care has defined 10 data standards that should apply to both security and interoperability between different systems, and those now apply in all key NHS contracts, including the standard NHS contract. Secondly, we have launched a programme to appoint up to five local health and care record exemplars, which will provide interactive and interoperable data for patients for their direct care—so that the issue we have at the moment of data sometimes falling between different institutions will not happen any more.