A new strategy to protect the NHS and social care against cyber attacks has been set out by the government.

The Cyber Security Strategy for Health and Adult Social Care plans to promote cyber resilience across the sector by 2030, protecting services and the patients they support.

Health minister Lord Markham said: “We’re harnessing the power of technology to deliver better, safer care to people across the country – but at the same time it’s crucial we’re also bolstering the defences of our health and care services.

“This new strategy will be instrumental to ensure every organisation in health and adult social care is set up to meet the challenges of the future.”

Over 50% of social care providers now use a digital social care record, helping staff share vital information about the people they care for.

The vision includes five key pillars to minimise the risk of cyber attacks and other cyber security issues, and to improve response and recovery following any incidents across health and social care, including:

• Identifying the areas of the sector where disruption would cause the greatest harm to patients, such as through sensitive information being leaked or critical services being unable to function
• Uniting the sector so it can take advantage of its scale and benefit from national resources and expertise, enabling faster responses and minimising disruption
• Building on the current culture to ensure leaders are engaged and the cyber workforce is grown and recognised, and relevant cyber basics training is offered to the general workforce
• Embedding security into the framework of emerging technology to better protect it against cyber threat
• Supporting every health and care organisation to minimise the impact and recovery time of a cyber incident. 

A full implementation plan will be published in summer 2023 setting out detailed activities and defining metrics to build and measure resilience over the next two to three years.

Saffron Cordery, deputy chief executive at NHS Providers, said: “Trust leaders will welcome this step to address the threat of cyber attacks, which pose a risk to patients. Keeping patients safe is their number one priority.

“As digital working in the NHS expands, these types of security measures are vital. Many trust leaders have had National Cyber Security Centre board training and are working hard to meet statutory and recommended standards.

“However, trusts need adequate funding to properly address the growing risk of cyber attacks, which includes updating old and unsupported legacy software.”