Two months on from WannaCry attack, Department of Health publishes extensive report detailing upcoming cyber and data security measures
The health service is to adopt 10 data-security guidelines Credit: PA
Two months on from the havoc caused by the WannaCry ransomware attack, the Department of Health has announced plans to increase spending on cyber and data security to more than £50m, including a new £21m dedicated fund for use by England’s network of 27 major trauma centres. Elsewhere, digital systems are to be introduced to allow patients to track how their data is used, and by whom.
The department has published a report in response to two separate reviews into its data security measures, conducted by watchdog the National Data Guardian and regulator the Care Quality Commission.
The report, called Your Data: Better Security, Better Choice, Better Care, said that the government’s first funding priority will be a planned £21m capital spending pot for use by major trauma centres, which specialise in providing care for those who have suffered life-threatening or life-altering injuries.
Related content
- NHS ransomware attack one month on: “The people who didn’t patch Windows 7 should be sacked”
- NHS cyber attack a ‘wake-up call’ for government
- ‘They should have planned it on Google Earth’ – UK cybercrime chief on the Hatton Garden heist’s folly and why WannaCry is a watershed moment
Allowing citizens to make better-informed choices about the use of their data is another target laid out in the report. This includes an online service – due to launch by the end of next year – which will allow people to see who has accessed their summary care record. By March 2020, this will be expanded to permit patients to see how personal data collected by NHS Digital has “been used for purposes other than their direct care”.
The DoH will also implement UK data-protection legislation in May of next year. This, the report said, “will provide a framework to protect personal data and will also impose more severe penalties for data breaches and reckless or deliberate misuse of information”.
The role and functions of the National Data Guardian will also be placed “on a statutory footing” by the department. Meanwhile, sometime in 2018, the Information Governance Alliance will also publish “anonymisation guidance based on the Information Commissioner’s Office Code of Practice on Anonymisation”, according to the report.
It added: “We will [also] clarify the legal framework by working with the Confidentiality Advisory Group to ensure its approvals process under Section 251 of the NHS Act 2006 enables organisations to access the information they need – for example for invoice validation.”
The report revealed that the National Data Guardian has defined 10 “data-security standards”, by which the department will adhere. These are printed in full below.
In the immediate term, NHS Digital is currently helping local trusts and other bodies by broadcasting alerts about cyber threats, carrying out assessments on site, sharing best-practice guidelines and advice, and offering a hotline which local entities can ring when dealing with a security threat.
The DoH is also looking to define the quickest and cheapest way to help NHS bodies in migrating away from Windows XP and other unsupported operating systems.
Health minister Lord O’Shaughnessy said: “The NHS has a long history of safeguarding confidential data, but with the growing threat of cyberattacks – including the WannaCry ransomware attack in May – this government has acted to protect information across the NHS.
He added: “Only by leading cultural change and backing organisations to drive up security standards across the health and social care system can we build the resilience the NHS needs in the face of a global threat.”
The National Data Guardian’s 10 Security Standards
- All staff ensure that personal confidential data is handled, stored and transmitted securely, whether in electronic or paper form. Personal confidential data is shared for only lawful and appropriate purposes
- All staff understand their responsibilities under the National Data Guardian’s data-security standards, including their obligation to handle information responsibly and their personal accountability for deliberate or avoidable breaches.
- All staff complete appropriate annual data security training and pass a mandatory test, provided through the redesigned Information Governance Toolkit.
- Personal confidential data is only accessible to staff who need it for their current role and access is removed as soon as it is no longer required. All instances of access to personal confidential data on IT systems can be attributed to individuals.
- Processes are reviewed at least annually to identify and improve any which have caused breaches or near misses, or which force staff to use workarounds which compromise data security.
- Cyberattacks against services are identified and resisted and CareCERT security advice is responded to. And that action is taken as soon as possible following a data breach or near miss, with a report made to senior management within 12 hours of detection. Significant cyber-attacks are to be reported to CareCERT immediately following detection.
- A continuity plan is in place to respond to threats to data security, including significant data breaches or near misses, and it is tested once a year as a minimum, with a report to senior management.
- No unsupported operating systems, software or internet browsers are used within the IT estate.
- A strategy is in place for protecting IT systems from cyber threats, based on a proven cyber security framework such as Cyber Essentials. This is reviewed at least annually.
- IT suppliers are held accountable via contracts for protecting the personal confidential data they process and for meeting the National Data Guardian’s data-security standards.
Mexican Easy Pharm: Mexican Easy Pharm – Mexican Easy Pharm
top farmacia online: Farma Prodotti – Farmacie on line spedizione gratuita
migliori farmacie online 2024
Farmacia online piГ№ conveniente: Farma Prodotti – comprare farmaci online con ricetta
phmacao com login phmacao п»їCasinos in the Philippines are highly popular.
The Philippines offers a rich gaming culture. https://phtaya.tech/# Casino promotions draw in new players frequently.
Gaming regulations are overseen by PAGCOR.: phmacao com – phmacao casino
The casino scene is constantly evolving.: taya365 login – taya365.art
Some casinos feature themed gaming areas.: phtaya.tech – phtaya casino
Online gaming is also growing in popularity. https://taya365.art/# Poker rooms host exciting tournaments regularly.
http://phmacao.life/# Players enjoy both fun and excitement in casinos.
The thrill of winning keeps players engaged.
Poker rooms host exciting tournaments regularly.: phmacao – phmacao.life
taya777 login taya777 app Many casinos host charity events and fundraisers.
http://taya365.art/# Casino promotions draw in new players frequently.
Poker rooms host exciting tournaments regularly.
The casino industry supports local economies significantly.: phtaya login – phtaya.tech
Casinos offer delicious dining options on-site. https://phtaya.tech/# Promotions are advertised through social media channels.
Most casinos offer convenient transportation options.: phtaya login – phtaya casino
http://taya365.art/# The thrill of winning keeps players engaged.
Promotions are advertised through social media channels.
Live dealer games enhance the casino experience.: phtaya casino – phtaya login
Loyalty programs reward regular customers generously. http://phmacao.life/# Visitors come from around the world to play.
Slot machines feature various exciting themes.: taya777 – taya777
https://phmacao.life/# Many casinos offer luxurious amenities and services.
Resorts provide both gaming and relaxation options.
La adrenalina es parte del juego.: jugabet casino – jugabet chile
The Philippines has a vibrant nightlife scene. http://taya365.art/# п»їCasinos in the Philippines are highly popular.
http://taya777.icu/# High rollers receive exclusive treatment and bonuses.
Security measures ensure a safe environment.
La mayorГa acepta monedas locales y extranjeras.: winchile casino – winchile.pro
Most casinos offer convenient transportation options.: phmacao com – phmacao.life
http://winchile.pro/# Las aplicaciones mГіviles permiten jugar en cualquier lugar.
Poker rooms host exciting tournaments regularly.
Live music events often accompany gaming nights. https://taya365.art/# A variety of gaming options cater to everyone.
winchile winchile.pro La Г©tica del juego es esencial.
Las promociones atraen nuevos jugadores diariamente.: winchile.pro – win chile
https://phmacao.life/# Casinos offer delicious dining options on-site.
Casino visits are a popular tourist attraction.
Los jugadores deben jugar con responsabilidad.: jugabet chile – jugabet casino
Slot machines feature various exciting themes. https://winchile.pro/# Las mГЎquinas tienen diferentes niveles de apuesta.
Many casinos provide shuttle services for guests.: phmacao com login – phmacao casino
https://phtaya.tech/# Visitors come from around the world to play.
Entertainment shows are common in casinos.
Slot machines feature various exciting themes.: taya365 com login – taya365 login
Many casinos have beautiful ocean views. https://phmacao.life/# A variety of gaming options cater to everyone.
http://jugabet.xyz/# Los jugadores pueden disfrutar desde casa.
The Philippines has a vibrant nightlife scene.
The gaming floors are always bustling with excitement.: taya777 register login – taya777 register login
Casino visits are a popular tourist attraction.: taya777.icu – taya777 register login
Visitors come from around the world to play. https://phmacao.life/# Casinos often host special holiday promotions.
https://phmacao.life/# The thrill of winning keeps players engaged.
The Philippines has a vibrant nightlife scene.
La diversiГіn nunca se detiene en los casinos.: winchile casino – winchile
phmacao com login phmacao com Players often share tips and strategies.
https://taya365.art/# The Philippines has a vibrant nightlife scene.
The casino experience is memorable and unique.
Hay casinos en Santiago y ViГ±a del Mar.: jugabet – jugabet casino
Security measures ensure a safe environment. https://phmacao.life/# High rollers receive exclusive treatment and bonuses.
The casino scene is constantly evolving.: taya365.art – taya365.art
https://jugabet.xyz/# п»їLos casinos en Chile son muy populares.
The poker community is very active here.
phtaya casino phtaya login Many casinos have beautiful ocean views.
https://taya777.icu/# Manila is home to many large casinos.
The casino industry supports local economies significantly.
Promotions are advertised through social media channels.: taya365.art – taya365 com login
http://jugabet.xyz/# Las mГЎquinas tienen diferentes niveles de apuesta.
The thrill of winning keeps players engaged.
Las mГЎquinas tienen diferentes niveles de apuesta.: jugabet casino – jugabet casino
Las estrategias son clave en los juegos.: winchile – win chile
http://jugabet.xyz/# Muchos casinos tienen salas de bingo.
The Philippines has a vibrant nightlife scene.
winchile casino winchile п»їLos casinos en Chile son muy populares.
Los casinos organizan noches de trivia divertidas.: winchile – winchile.pro
http://phmacao.life/# The thrill of winning keeps players engaged.
Players enjoy a variety of table games.
Los juegos en vivo ofrecen emociГіn adicional.: jugabet casino – jugabet.xyz
http://jugabet.xyz/# La adrenalina es parte del juego.
Entertainment shows are common in casinos.
Casinos often host special holiday promotions.: taya365.art – taya365 login
The Philippines has a vibrant nightlife scene. http://taya777.icu/# Promotions are advertised through social media channels.
phtaya casino phtaya login Players enjoy a variety of table games.
Las estrategias son clave en los juegos.: winchile.pro – win chile
Casinos often host special holiday promotions.: taya365 com login – taya365.art