Half of ICSs lack plan against ‘constantly evolving’ cyber attacks

At least half of integrated care systems (ICS) lack plans for responding to cyberattacks, at a time of increasing cyber risks, HSJ can reveal.

The findings also come at a time when the threat posed by cyber attackers is “constantly evolving”, and in the wake of a recent high-profile attack on a supplier to several trusts. 

In August 2021, NHS England published a framework – What Good Looks Like – to set out what ICSs and member organisations must achieve to be considered digitally mature.

Requirements included that all ICSs should have a system-wide plan for “maintaining robust cybersecurity” with “centralised capabilities to provide support across all organisations”.

However, 20 ICSs have told HSJ they do not yet have such a cybersecurity strategy or plan in place. Nine ICSs said they did, while the remaining 13 ICSs did not respond.

This is despite the NHS being subjected to a growing number of cyber attacks. In 2020-21, NHS Digital reported the health service had been targeted roughly 21 million times on a monthly basis, which marked an increase since before the pandemic. Most of these are malicious emails containing malware and are automatically blocked by cyber defence and monitoring systems. 

However, in August, a dozen mental health trusts and several NHS 111 and urgent care providers were badly affected by a cyber attack on one of their IT suppliers, Advanced. Several trusts have not yet regained full access to their electronic patient record three months on from the attack.

Read full story (paywalled)

Source: HSJ, 11 November 2022