NHS: ICT

(asked on 23rd November 2017)

Question to the Department of Health and Social Care:

To ask Her Majesty's Government what advice, if any, they have provided to NHS Trusts regarding the need to upgrade software and improve cyber-security.


Answered by
Lord O'Shaughnessy
This question was answered on 1st December 2017

The Department published Your Data: Better Security, Better Choice, Better Care in July 2017 in which the Government accepted the 10 Data Security Standards recommended by the National Data Guardian, Dame Fiona Caldicott. The document sets out the steps National Health Service trusts are expected to take to improve their cyber security resilience. Data Security Standard 8 specifically states that no unsupported operating systems, software or internet browsers are used within the IT estate.

NHS Digital published in May 2017 Unsupported Platforms – Good Practice Guide giving trusts technical guidance on how to upgrade software and improve cyber security.

In October 2017, the Department followed up by publishing the 2017/18 Data Security and Protection Requirements. This document sets out the steps all health and care organisations will be expected to take in 2017/18 to demonstrate that they are implementing the 10 Data Security Standards, prior to a new assurance framework coming into place from April 2018.

In 2015, NHS Digital established CareCERT to provide national cyber support to health and care organisations. This support includes cyber alerts with advice on software updates, direct support when cyber incidents occur, and also on-site support to assess local vulnerabilities to improve local resilience and mitigate the impact of future cyber incidents.

The above-mentioned reports are attached.
