• NHSX grants extension to cybersecurity information collection
  • Delay provided to help NHS’ response to covid-19
  • NHS data chief warns criminals will target health system during pandemic  

Security checks to keep the NHS safe from hackers have been delayed to help managers deal with covid-19.      

The service has also been warrned of attempts to exploit the pandemic by online fraudsters.

The six-month delay means NHS trusts do not need to complete a cybersecurity checklist until September, by when it is hoped the numbers of patients affected by coronavirus has passed its peak.

It comes amid a separate warning by NHS Digital chief executive Sarah Wilkinson over “opportunism” by hackers and fraudsters who are attempting to exploit the chaos caused by the pandemic.

Every year, health and care organisations submit a “data security and protection toolkit” (DSPT) to regulators which sets out their level of cybersecurity.

These toolkits helps organisations check they are resilient to potential cyber attacks. Currently, there is a “high risk” to health and social care organisations’ cybersecurity, according to NHS Digital. 

The toolkits were scheduled to be completed and sent to NHSX by the end of March, but this deadline has been extended – the organisation announced this week. 

In a briefing sent to NHS organisations, such as trusts, clinical commissioning groups and commissioning support units, NHSX said it was “critically important” that the NHS and social care remains “resilient to cyber attacks during this period of covid-19 response”.

But the unit said it recognised it would be difficult for many organisations to “fully complete the toolkit without impacting on their covid-19 response”. 

Organisations now have until the end of September to submit their checklists. According to NHSX’ briefing, most organisations should already have completed - or be close to completing - their toolkits. 

Meanwhile, Ms Wilkinson said NHS Digital was aware of fraudsters “spoofing HMRC email addresses” and sending emails which offer recipients tax rebates associated with covid-19. 

Speaking at NHSD’s board meeting on Wednesday, she cited this as an example of “opportunism” by criminals, and warned the NHS should “expect all of that kind of unhelpful noise”. 

However, Ms Wilkinson said she did not yet have any particular concerns about specific pandemic-linked cyber threats to the NHS.