• NHS Digital will go to tender for a new national cyber security system
  • New service in response to critical internal review, that recommended strengthening cyber security
  • Comes after government announces tougher policies to improver cyber security after WannaCry attack 

The agency charged with protecting the NHS from cyberattacks is planning to build a new ‘security operations centre’.

NHS Digital has published a request for information, seeking a “strategic partner” to improve its cybersecurity both internally and as part of its services across the NHS.

The partner would help build a security operations centre to bring together and improve many of NHS Digital’s “disparate” cyber services, including detecting threats, responding quickly and educating trusts.

The new system would provide a more advanced, data analytics driven threat intelligence service, designed to catch cyberattacks early.

“The security operations centre will build on – rather than replace – existing capabilities, maturing and enhancing the current offering to ensure that the data security centre has a holistic view of security threats,” the request said.

Further details of the enhanced cybersecurity set up are expected later in the year, when NHS Digital goes out to tender.

The new centre is expected to be up and running by spring 2018.

The NHS has faced a growing number of cyberattacks, most unsuccessful, in recent years. This threat cumulated in the WannaCry ransomware attack on 12 May, which infected at least 47 trusts, leading to the cancellations of 15,000 appointments and operations.

In the wake of that attack, the government announced several new policies to improve cyber resilience in the NHS, many of which were designed to make trust leaders more accountable for data security.

NHS Digital runs the national IT infrastructure for the health service, including NHSmail, the NHS Spine and N3 network. In 2015, it established its CareCERT team to monitor cyber threats and help providers prepare and respond to a cyberattack.

The security operations centre is not a direct response to WannaCry attack. Instead, it follows a critical internal “capability review” carried out before the attack, which recommended wide ranging changes to the organisation, including improving cybersecurity.

The review said while there had been “rapid foundational capability rollout for cybersecurity, there is still opportunity to enhance and mature both internal and external cyber services”.

NHS Digital also intended to roll out a new commercial framework to help providers access cybersecurity suppliers.