NHS: Digital Technology

Department of Health written question – answered on 27th June 2017.

Alert me about debates like this

Photo of Jon Ashworth Jon Ashworth Shadow Secretary of State for Health

To ask the Secretary of State for Health, if he will provide an update on how sensitive data is protected in the NHS; and what steps he has taken to improve cyber-security in the NHS since the ransomware attack on 12 May 2017.

Photo of Jon Ashworth Jon Ashworth Shadow Secretary of State for Health

To ask the Secretary of State for Health, what plans he has to establish an inquiry into the cyber-attack on the NHS on 12 May 2017.

Photo of Jon Ashworth Jon Ashworth Shadow Secretary of State for Health

To ask the Secretary of State for Health, what the total cost was of emergency measures put in place to address the NHS ransomware attack on 12 May 2017 and from which budgets those costs were met.

Photo of Jon Ashworth Jon Ashworth Shadow Secretary of State for Health

To ask the Secretary of State for Health, how many cyber-security incidents have taken place in the NHS since 2010; and how many incidents there have been where (a) patient data has been accessed or compromised and (b) patient care has been interrupted or halted.

Photo of Jackie Doyle-Price Jackie Doyle-Price The Parliamentary Under-Secretary of State for Health

Cyber resilience in the health and care system is an issue that the Government takes very seriously.

We have changed the National Health Service standard contract to include, from April 2017, cyber security requirements.

Evidence shows that the use of unsupported systems is continuing to reduce in health and care, as organisations replace older hardware. Latest estimates suggest the usage of Windows XP in the NHS has reduced from 15-18% at December 2015, to 4.7% of systems currently.

The 12 May 2017 ransomware incident affected the NHS in the United Kingdom. It is standard practice to review any major incident in the NHS. Further, the Chief Information Officer for health and care is undertaking a review into the May 2017 cyber-attack which is expected to conclude in the autumn.

The identifiable cost of emergency measures put in place to specifically address the NHS ransomware attack on 12 May 2017 was approximately £180,000. These costs were borne by NHS Digital and NHS England from internal budgets. Information relating to any expenditure incurred by individual local NHS trusts or other NHS organisations is not collected centrally.

We do not comment more widely on matters of security.

Does this answer the above question?

Yes0 people think so

No0 people think not

Would you like to ask a question like this yourself? Use our Freedom of Information site.