Skip to main content

NHS: Cybercrime

Question for Department of Health and Social Care

UIN 92740, tabled on 21 September 2020

To ask the Secretary of State for Health and Social Care, with reference to the recent suspected ransomware attack on a hospital in Dusseldorf, what assessment he has made of the NHS’s ability to withstand a cyber attack.

This answer is the replacement for a previous holding answer.

Answered on

2 November 2020

Thanks to over £250 million of investment nationally by 2021, the cyber maturity and security posture of National Health Service organisations has increased over the past three years and continues to do so. Cyber attacks, including ransomware attacks, remain a major risk for the NHS and the cyber programme we have implemented has a strong focus on managing that risk.

We are using the Data Security and Protection Toolkit (DSPT) to assess cyber security performance at an organisation level, and this information is collated nationally to help inform policy and investment decisions. The DSPT helps organisations understand their data and cyber security risks and encourages the inclusion of cyber security in business continuity planning.

We are also helping NHS organisations increase their preparedness to recover from successful cyber attacks. During the COVID-19 response period, we have put in place additional cyber security protection for the NHS, including additional incident response capacity, a rapid remediation programme, and enhancements to the NHS Digital Cyber Security Operations Centre to increase monitoring.

Answered by

Department of Health and Social Care
Named day
Named day questions only occur in the House of Commons. The MP tabling the question specifies the date on which they should receive an answer. MPs may not table more than five named day questions on a single day.