Top cybersecurity officials within the UK government and the National Health Service (NHS) are calling on technology suppliers to strengthen their cybersecurity measures by signing a public charter. This initiative comes as ransomware attacks are increasingly threatening NHS operations, with several incidents impacting healthcare facilities in recent years.
The letter to suppliers, signed by notable figures including Vin Diwakar and Mike Fell from the NHS, emphasizes the rising severity and frequency of cyber incidents. In the past year alone, the NHS experienced multiple significant attacks, raising concerns about the security culture within the organization. Such incidents, they claim, signal an urgent need for cooperation across the supply chain to enhance cybersecurity practices.
Recent high-profile attacks, including incidents that led to widespread appointment cancellations and missed cancer care targets, further highlight the critical vulnerabilities within NHS digital infrastructure. As the NHS aims to safeguard its operations, it is asking suppliers to commit to specific cybersecurity requirements, which will be detailed in a forthcoming self-assessment form.
This charter, while voluntary, serves as an important step towards establishing a robust cybersecurity framework within the NHS’s supply chain. The requested commitments include maintaining compliance with the NHS’s Data Security and Protection Toolkit, implementing multi-factor authentication, and ensuring 24/7 cyber monitoring. The letter also reminds suppliers of their existing legal obligations, such as compliance with GDPR and their contracts with the NHS.
A successful partnership in cybersecurity is vital, as underscored by Phil Huggins, the government’s healthcare CIO, who stated that the charter’s expectations would eventually be integrated into contractual processes. The NHS is actively reviewing its contracts to clarify the cybersecurity requirements that suppliers must meet moving forward. This collaborative effort aims to fortify the UK’s healthcare systems against an ever-evolving cyber threat landscape.