NHS hack prompts tougher UK cyber security rules for private providers

UK Government Takes Action to Improve Cybersecurity After Ransomware Attack on NHS

The Impact of the Hack

In June, a cyber attack by Russian group Qilin disrupted healthcare services for thousands of patients registered with big London hospitals. The attack, which was carried out on Synnovis, a public-private pathology joint venture, highlighted the vulnerability of digital "supply chains" that serve state institutions. The hack resulted in the postponement of 3,396 outpatient appointments and 1,255 elective procedures at King’s and Guy’s and St Thomas’s hospitals.

Why Cybersecurity is a Growing Concern

The increasing use of private service providers by the NHS, a policy of both Conservative and Labour governments, has created an additional layer of vulnerability. Experts believe that there is a huge gap in the system, as there is no clear regulator for healthcare cyber security that investigates the patient safety impact of cyber security incidents, monitors supplier behavior, and enforces punishments for non-compliance.

The Need for Strengthened Cybersecurity

The big international IT outage on Friday, which left most GP surgeries in England unable to access patient record systems, further highlights the profound impact of disruption to digital services on the NHS. To address these concerns, the UK government has proposed a cyber security and resilience bill, which aims to strengthen cybersecurity rules and reporting requirements.

The Bill’s Key Features

The bill aims to:

  • Strengthen cybersecurity rules and reporting requirements for private companies supplying public services
  • Resource regulators through potential cost recovery mechanisms
  • Widen powers to investigate potential cyber vulnerabilities
  • Implement stricter penalties for non-compliance

The Impact on Healthcare

The proposed bill will have a significant impact on the healthcare sector, which is a main focus of the move. The government has highlighted how the Synnovis hack in June has so far led to the postponement of outpatient appointments and elective procedures.

Expert Views

Dr Saif Abed, a former NHS doctor and expert in cybersecurity and public health, believes that there is a huge gap in the system. "We don’t have a clear regulator for healthcare cybersecurity that will investigate the patient safety impact of cyber security incidents, monitor supplier behavior and enforce punishments for non-compliance," he said.

Dr Saira Ghafur, lead for digital health at Imperial College London’s Institute of Global Health Innovation, welcomed the bill as a "definite step in the right direction" towards protecting healthcare. However, she emphasized the need for further details to be established, including which regulator would oversee the new rules, how they would be implemented, and what sanctions they would contain if companies failed to use adequate security.

Conclusion

The UK government’s proposed bill is a crucial step towards improving cybersecurity and protecting the NHS from future attacks. As the healthcare sector becomes increasingly reliant on digital services, it is essential that measures are taken to ensure the security and resilience of these systems.

FAQs

Q: What is the proposed cyber security and resilience bill?
A: The bill aims to strengthen cybersecurity rules and reporting requirements for private companies supplying public services, resource regulators through potential cost recovery mechanisms, and widen powers to investigate potential cyber vulnerabilities.

Q: What was the impact of the Synnovis hack on the NHS?
A: The hack resulted in the postponement of 3,396 outpatient appointments and 1,255 elective procedures at King’s and Guy’s and St Thomas’s hospitals.

Q: Why is cybersecurity a growing concern in the healthcare sector?
A: The increasing use of private service providers by the NHS, combined with the lack of a clear regulator for healthcare cybersecurity, has created an additional layer of vulnerability.

Q: What are the key features of the proposed bill?
A: The bill aims to strengthen cybersecurity rules and reporting requirements, resource regulators, widen powers to investigate potential cyber vulnerabilities, and implement stricter penalties for non-compliance.

Q: Will the bill have a significant impact on the healthcare sector?
A: Yes, the bill will have a significant impact on the healthcare sector, as it aims to strengthen cybersecurity rules and reporting requirements for private companies supplying public services.

Q: What is the timeline for the implementation of the proposed bill?
A: The timeline for the implementation of the proposed bill has not been disclosed, but it is expected to be passed into law soon.

Author: www.ft.com
