Question to the Department of Health and Social Care:

To ask the Secretary of State for Health, what estimate he has made of the (a) highest, (b) lowest and (c) average cost of implementing CareCERT alerts for each NHS trust in England.

CareCERT alerts are not costed in a way that would allow for a breakdown in costs relating to implementing these alerts for each National Health Service trust in England. This is because the local cost of implementing changes recommended in CareCERT alerts is entirely dependent on whether the vulnerabilities identified apply to the organisation in question, whether they are acting on all, some, or none of the recommendations, what their local solution on addressing the vulnerability is, and whether there is even a cost to making the change other than the resource effort to download patches.

CareCERT alerts are part of the suite of services offered by NHS Digital to improve the cyber hygiene and resilience of the NHS. To prevent cyber-attacks, NHS Digital’s CareCERT Intelligence service regularly blocks more than 90 million harmful activities each month. The alerts provided by CareCERT are guidance, advice, good practice, and support.