Covid-19 response forces halt to NHS cyber security checks

By Nick Carding2020-03-18T17:39:00+00:00

3 Comments

NHSX grants extension to cybersecurity information collection
Delay provided to help NHS’ response to covid-19
NHS data chief warns criminals will target health system during pandemic

Security checks to keep the NHS safe from hackers have been delayed to help managers deal with covid-19.

The service has also been warrned of attempts to exploit the pandemic by online fraudsters.

The six-month delay means NHS trusts do not need to complete a cybersecurity checklist until September, by when it is hoped the numbers of patients affected by coronavirus has passed its peak.

It comes amid a separate warning by NHS Digital chief executive Sarah Wilkinson over “opportunism” by hackers and fraudsters who are attempting to exploit the chaos caused by the pandemic.

Every year, health and care organisations submit a “data security and protection toolkit” (DSPT) to regulators which sets out their level of cybersecurity.

These toolkits helps organisations check they are resilient to potential cyber attacks. Currently, there is a “high risk” to health and social care organisations’ cybersecurity, according to NHS Digital.

The toolkits were scheduled to be completed and sent to NHSX by the end of March, but this deadline has been extended – the organisation announced this week.

In a briefing sent to NHS organisations, such as trusts, clinical commissioning groups and commissioning support units, NHSX said it was “critically important” that the NHS and social care remains “resilient to cyber attacks during this period of covid-19 response”.

But the unit said it recognised it would be difficult for many organisations to “fully complete the toolkit without impacting on their covid-19 response”.

Organisations now have until the end of September to submit their checklists. According to NHSX’ briefing, most organisations should already have completed - or be close to completing - their toolkits.

Meanwhile, Ms Wilkinson said NHS Digital was aware of fraudsters “spoofing HMRC email addresses” and sending emails which offer recipients tax rebates associated with covid-19.

Speaking at NHSD’s board meeting on Wednesday, she cited this as an example of “opportunism” by criminals, and warned the NHS should “expect all of that kind of unhelpful noise”.

However, Ms Wilkinson said she did not yet have any particular concerns about specific pandemic-linked cyber threats to the NHS.

Source

NHSX; NHS Digital board meeting

Source Date

March 2020

Topics

3 Comments

Comment
Pandemic leads to huge change in patient and GP behaviour

2020-04-07T11:39:00Z By Dr Stephen Black

As this pandemic necessitates the use of digital technology as a medium of contact, the primary care sector has witnessed some major changes in both patient and GP behaviour.
Comment
Primary care has transformed into a ‘dial-in’ or ‘click first’ service

2020-03-27T12:39:00Z By Clare Gerada

Responding to the new norm of social distancing has led primary care to adopt digital triaging as its primary way of working in just three weeks. Explains Clare Gerada.
Comment
Cowper’s Cut: No more heroes

2020-03-24T04:30:00Z By Andy Cowper

Andy Cowper explains how individual heroism by front-line colleagues is not going to aid in this time of crisis where covid19 is going to alter the NHS significantly and enduringly.