The must-read stories and debate in health policy and leadership.

New mission

In another clear attempt to show he is a man on a new mission, Matt Hancock has opened up not so old wounds over the junior doctors’ contract, pledging to invest some additional money to iron out glitches to “put the past behind us and move forward”.

Again Mr Hancock is trying to show he is not Jeremy Hunt – a health secretary who became vilified by the NHS workforce and hated by thousands of junior doctors who blamed him personally for the strike action in 2016.

Mr Hancock, in a letter to the British Medical Association, also pledged his continuing desire to show junior doctors, and consultants, that he values their contribution. He has asked NHS Business Services Authority to change the way it handles tax charges against staff who breach their pension allowance so individuals no longer have to stump up.

He has also handed £10m to trusts to improve the working conditions of junior doctors, asked Health Education England to roll out flexible working to more medical specialities, and is offering more olive branches to the BMA on the consultant contract negotiations and review of the junior doctor contract.

Not much cognitive load is required to calculate whether Mr Hancock will succeed in winning around the medical profession. Trinkets here and there are one thing, eight years of austerity and a stream of perceived attacks is quite another.

Holding the NHS to ransom

More than a year after the WannaCry ransomware virus, the most disruptive cyber attack in NHS history, the government has finally put a figure on the damage done.

According to an “October 2018 progress update” released by the Department of Health and Social Care released on Thursday, the estimated cost to the NHS was £92m.

Only £19m of this was incurred in the week or so when NHS services were severely disrupted, with ambulances diverted and more than 19,000 appointments and operations cancelled.

Far more, about £73m, was incurred fixing IT security holes in the aftermath, a task that is very much still a work in progress and likely to cost hundreds of millions of pounds more.

DHSC have put many caveats around this figure, or “approximate estimate”, and have probably only come up with one after the public accounts committee specifically criticised the department for failing to do so.

It is also worth noting that the only trust to have produced their own estimate of its lost income from WannaCry, Barts Health Trust, put the figure at £9.5m (about half of DHSC’s estimate of the immediate costs).

The DHSC response also does not directly address the funding shortfall in bringing trusts up to the “minimum bar” standard for cyber security, which could be as high as £750m.

Instead, trusts will be expected to “provide a plan” to meet this standard, funding aside, and more details about the “ambition” will be worked out down the road.