Cookie policy: This site uses cookies (small files stored on your computer) to simplify and improve your experience of this website. Cookies are small text files stored on the device you are using to access this website. For more information please take a look at our terms and conditions. Some parts of the site may not work properly if you choose not to accept cookies.


Subscribe or Register

Existing user? Login



Government announces new measures for cyber security and data sharing

The government is promising a £21m fund to help protect trauma centres from cyber attack after hospital centres were downed by the WannaCry ransomware virus.

WannaCry cyber attack on NHS


A report into data sharing and safety in the NHS has prompted the government to implement security standards and announce a £21m fund to protect hospital centres from cyber attack

The government has announced additional funding for cyber security within the NHS, including a £21m fund to protect major trauma centres from attack.

The announcement is part of its response to a 2016 report, and subsequent consultation, by the National Data guardian, Dame Fiona Caldicott, into data sharing and safety within the health and social care system. It comes two months after the WannaCry ransomware immobilised parts of the NHS across the country.

“The NHS has a long history of safeguarding confidential data,” said health minister Lord O’Shaughnessy. “But with the growing threat of cyber attacks including the WannaCry ransomware attack in May, this government has acted to protect information across the NHS.”

“Only by leading cultural change and backing organisations to drive up security standards across the health and social care system can we build the resilience the NHS needs in the face of a global threat,” he adds.

The government has agreed to implement security standards from the Caldicott review as well as security recommendations from the Care Quality Commission (CQC). It plans to require greater responsibility for data security at a local level and introduce new training packages for staff. 

Parts of the NHS were made vulnerable to the WannaCry attack through continued use of Windows XP, an operating system launched in 2001 that has not received support from Microsoft since 2014. The government says that organisations should move away from, or isolate, any unsupported systems by April 2018.

It also reiterated plans to include patient data management within CQC inspections.

The government response also addresses data-sharing principles which were reviewed by Caldicott in light of the controversy over the proposals that were shelved last year.

It says that it will introduce an opt-out scheme for patients that will apply across health and social care, allowing them to say that their information can only be used for their direct care. Patients will also be able to see who has accessed their summary care record as well as how NHS Digital, which collects patient data, has used it.

From May 2018, the government is also introducing stronger laws to penalise anyone that misuses or attempts to de-anonymise confidential medical information. 

However, the British Medical Association (BMA), which represents doctors, has raised issues about the government’s approach to patient medical records.

John Chisholm, chair of the BMA’s medical ethics committee, said that it was concerned that patients will not be able to opt out of having their data sent from their GP to NHS Digital, and that there needs to be protections in place ahead of time so that patients will know how their data could be used. 

“If patients don’t have confidence in the system, not only does it damage the doctor–patient relationship, there is also a real risk that some will be put off visiting their GP, which could have serious public health implications,” said Chisholm.

“We are currently in ongoing constructive discussions with the government and hope we can reach an agreement that is in the best interests of patients.”

Citation: The Pharmaceutical Journal DOI: 10.1211/PJ.2017.20203192

Have your say

For commenting, please login or register as a user and agree to our Community Guidelines. You will be re-directed back to this page where you will have the ability to comment.

Recommended from Pharmaceutical Press

  • Print
  • Share
  • Comment
  • Save
  • Print Friendly Version of this pagePrint Get a PDF version of this webpagePDF

Supplementary images

  • WannaCry cyber attack on NHS

Newsletter Sign-up

Want to keep up with the latest news, comment and CPD articles in pharmacy and science? Subscribe to our free alerts.