NHS England launch Cyber Security Standard

NHS England has announced the introduction of a Cyber Security Charter in an open letter addressed to all current, prospective and aspiring suppliers to the NHS.
The letter acknowledges the increasing sophistication of cyber threats, particularly the growing prevalence of ransomware attacks targeting NHS supply chains. It emphasises that as attackers become more advanced, the potential impact and severity of attacks also escalate, and that a coordinated response is therefore needed from all partners.
The Cyber Security Charter outlines 8 core principles that suppliers are expected to meet. These principles include the implementation of Multi-Factor Authentication (MFA) across suppliers’ systems and the execution of cyber response exercises at board level to ensure preparedness and resilience.
Core 8 principles outlined in the charter:
- Stay up to date with the latest patches applied to address known vulnerabilities.
- Achieve and maintain “Standards Met” as part of the Data Security and Protection Toolkit (DSPT).
- Apply Multi-Factor Authentication across suppliers’ networks and systems.
- Have “immutable backups” of all critical business data, ensuring recovery in the event of an attack.
- Round-the-clock threat monitoring systems for suppliers, for use in the event of an attack and as a pre-emptive detection system.
- A board-level exercising plan to ensure a swift and confident response to cyber-attacks.
- A commitment to reporting any loss of data related to patient care in a timely manner once an attack has been detected.
- All software provided to the NHS must comply with the DSIT/NCSC Software Code of Practice, ensuring safe design and development.
In recognition of this commitment, NHS England and the Department for Health and Social Care have made the following pledges:
- To work collaboratively with suppliers in shaping national policies and regulatory frameworks that affect NHS supply chains.
- To support NHS providers in making informed procurement decisions by improving their awareness of cyber security standards and the importance of working with security-conscious suppliers.
- To provide assistance to NHS organisations during cyber incidents and promote a Just Culture.
The open letter can be accessed here.