27 ICSs without a plan to combat cyber attacks
At least half of all integrated care systems lack a plan to defend the services they oversee from a cyber attack, HSJ has discovered.
Integrated care systems are responsible for bolstering the cyber resilience of the organisations in their area. This includes having a “system-wide plan for maintaining robust cyber security”.
However, research by HSJ has found that only ten ICSs would confirm they had such a plan. Twenty-six ICSs admitted they did not have a plan in place, while six systems did not respond to HSJ’s inquiries. See the end of the story for the full list.
Of those without a plan, only 10 said they were developing one. NHS England had initially asked each ICS to submit draft cyber security strategies by the end of May, before sending final versions by the end of September but is now thought to be drawing up new timelines.
Some regions appear particularly exposed. All four ICSs in the North East and Yorkshire region admitted they did not have a cyber security plan, while no ICS in either the London or South East region could confirm they did.
An NHSE spokesman told HSJ it was “vital” that ICSs have “robust plans in place to manage the specific cyber risks in their local areas to protect patient data and systems”.
Read full story (paywalled)
Source: HSJ, 15 January 2024