The must read stories in the NHS from Wednesday

Lack of security

An NHS Digital assessment of cyber readiness in the NHS has, once again, raised alarm bells about how seriously organisations are taking the online threat.

The assessment, based on an indepth examination of at least 64 NHS organisations, uncovered widespread weak passwords, poor policing of access to sensitive data and lax application of security updates.

More worrying, many trusts with poor cyber practices believe they were doing OK. There was “false sense of security”, an NHS Digital briefing to IT suppliers said.

It should be stressed that the assessment took place before the unprecedented WannaCry ransomware attack in May.

An optimist might conclude the disruption of this attack will have provided a wake up call, provoking trusts to spring to action and banish any unwarranted overconfidence.

A less upbeat analysis would note some structural elements that foster this compliancy remain largely intact; there isn’t much money for cybersecurity and NHS leaders aren’t penalised for letting it slide.

The government has made some recent moves on both funding and penalties. How far these will push cybersecurity up a stretched chief executive’s priority list, or into the minds of busy staff, remains to be seen.

No trust chiefs have yet had to resign in the wake of cybersecurity failings.

The NHS Digital briefing was based on voluntary assessments designed to help trusts, not tell them off for sloppy security.

The agency was so concerned about negative coverage of these findings dissuading trusts from taking up the assessment, that it removed the offending words entirely from an updated version of the briefing.

Supporting trusts to become more cyber resilient should be applauded, but there should also be consequences for those that fall too far behind.

As WannaCry demonstrated, there can be very real consequences for patients when they do.

Frimley boss to retire

One of the top acute chief executives in the NHS has announced his retirement.

Sir Andrew Morris will leave Frimley Health Foundation Trust in February, having led the organisation for 29 years.

Sir Andrew, who was top of HSJ’s list of Top Chief Executives earlier this year, is one of the longest standing trust leaders in the NHS.

He will continue to run the Frimley Health and Care accountable care system on a part time basis from 1 April 2018. He currently leads the ACS in addition to his chief executive role.

Under his leadership, Frimley Park established a Ministry of Defence hospital unit in 1996 and became one of the first foundation trusts in 2005.

Sir Andrew also led the takeover of the troubled Heatherwood and Wexham Park Hospitals FT to form Frimley Health FT. The rapid turnaround in the quality of care at the hospital was widely recognised and attributed to his leadership.

Frimley Park was the first trust to be rated outstanding by the Care Quality Commission.