• New role will lead national response to next major cyber attack on NHS
  • Comes after review into NHS’s response to the WannaCry attack
  • Role created amid renewed focus on patching IT vulnerabilities

A new national role has been created to lead the response to the next major cyber attack on the NHS, following criticism of a poorly coordinated response to the WannaCry virus.

The new chief information and cyber security officer will have a broad national mandate to help NHS organisations prepare for another cyber attack, and control the national response in the event of another major incident. 

The senior role will sit within NHS Digital, which runs the care computer emergency response team for the NHS.

Deputy chief executive Rob Shaw said the new role will be the “lynchpin for cyber security across health and care”.

The role would include working closely with regional leads at NHS England and NHS Improvement and directly with individual NHS organisations as well as within NHS Digital.

“They will support NHS organisations to make the best decisions about their own cyber security and will put strategies in place to offer the right support at the right time.” 

The new role was one of the recommendations of NHS England’s review into the response to the global WannaCry virus.

On 12 May last year, the ransomware virus disrupted services at 80 trusts and hundreds of GP practices, and resulted in the cancellation of thousands of appointments and operations.

The attack, the worst in NHS history, has led to numerous reviews and the diversion of tens of millions of pounds into shoring up the system’s fragile IT infrastructure. 

At least one of those reviews, by the National Audit Office, criticised the “absence of timely central direction”.

“As the NHS had not rehearsed for a national cyber attack it was not immediately clear who should lead the response and there were problems with communications,” the review said.

HSJ also revealed last month deep concern within NHS Digital about the poor level of cyber-preparedness across the NHS in the wake of WannaCry, as well as concerns about funding and attracting qualified cyber security staff. 

A job advertisement for the new role said: “there will undoubtedly [be a] significant cyber incident within the health and care system during the coming years”. It also noted that the WannaCry attack was a “bellwether for cyber risk in the sector”.

The new role will also be responsible for leading NHS Digital’s new national cyber security centre.

Applications for the job close on 13 July.