Private tech providers are under pressure to fortify the NHS’ digital service again and assess their cyber standards after several breaches.
Tougher rules will force providers to meet high cybersecurity standards, especially to have their solutions contracted to help the NHS or any business.
Across a number of government contracts, an epidemic problem persists with technology providers that promise and do not deliver services to a high standard. This has caused delays and some digital ID schemes like the Home Office’s Verify programme to be dropped due to a lack of cooperation with providers.
The King’s Speech to Parliament last week voiced Labour’s plans to strengthen digital security through observing digital “supply chains” that serve public institutions.
On 3rd June, the Synnovis pathology joint venture was hit with a ransomware hack; the bad actors, Russian group Qilin, claimed responsibility for the incident which affected thousands of registered patients at big London hospitals.
Both political party manifestos underscored the problem with aligning private service providers to the NHS, from an unlimited selection of suppliers on the market.
The Financial Times quoted Dr Saif Abed, an ex NHS doctor and expert in cyber security and public health.
“There is a huge gap in the system, as we don’t have a clear regulator for healthcare cyber security that will investigate the patient safety impact of cyber security incidents, monitor supplier behaviour and enforce punishments for non-compliance”.
The impact of this cyber breach was mainly on GP surgeries and hospitals and pharmacies accessing patient medical records and dispensing whilst in other cases, disturbances with patient portals to communicate with NHS staff have been reported.
Labour announced introducing the cyber security and resilience bill to evolve the infrastructure fighting bad actor attacks on “hospitals, universities, local authorities, democratic institutions and government departments”. This will bring the UK up to the EU’s level of cyber resilience regulations.
