Cyber Security Strategy for Health and Social Care

Cyber Security Strategy for Health and Social Care

Earlier this week DHSC published its cyber security strategy for health and social care. A summary is attached. The strategy provides a high-level view of the whole system’s needs up to 2030, breaking down the individual challenges and action for the different sectors. The strategy uses ‘defining roles’ to clarify how the commitments will look for each part of the system, with the role of National-first being a source of guidance and an enabler for shared learning rather than being directive. The roles are as follows:

  • National and regional cyber security teams
  • Integrated care systems (ICSs)
  • Health and social care leaders – Including Senior Leadership and Board-level.
  • Cyber workforce – key roles in cyber security such as Chief Information Security Officers.
  • Third party suppliers – any organisation providing goods or services to the health and care sector.
  • All employees – anyone working in Health and Adult Social Care, delivering care and support.

The strategy’s main aim is to ‘bake in’ cyber security into the sector’s processes to ensure the commitments and trust required to making Data Saves Lives and the Digital Health and Care Plan a reality are not undermined by vulnerabilities, such as the recent Advanced ransomware attack (used as a case example to forecast how future threats will be enacted). Although the strategy makes mention of Data Saves Lives, it does not detail anything about data or the connections required for sharing it across Health and Social Care, this is not within its scope, this is currently underway with SOCITIM Advisory’s leading the commissioned work building a minimum operational dataset and terminology.

Please read the attached briefing for a full summary.

NCF summary of Cyber Security Strategy March 2023