The Cyber Security and Resilience Bill is making its way through the Westminster system, and NHS digital leaders are urging their suppliers to sign a voluntary cyber security charter to enhance their resilience against threats like ransomware and secure the supply chain.
The NHS has faced numerous cyber breaches in the past, notably the WannaCry incident in 2017 and a recent cyber attack on Synnovis, a supplier of pathology lab services to NHS trusts in south London.
In response to the evolving threat landscape, the NHS has seen a significant shift in recent months. In an open letter to suppliers, key NHS officials emphasized the importance of collaboration in defending against cyber threats.
Suppliers are being asked to maintain secure IT systems, comply with data security standards, implement multifactor authentication, ensure cyber monitoring, and have backups and recovery plans in place. They must also conduct incident response exercises, report cyber attacks promptly, and adhere to software code of practice guidelines.
The NHS leaders are encouraging suppliers to become trusted partners by signing the charter, which will include various security measures. A self-assessment form will be launched in the autumn for suppliers to commit to the charter.
Recognizing the challenges of continuously improving cyber resilience, the NHS is prepared to support suppliers by providing tools for auditing supply chains, defining requirements for a national supplier management platform, and reviewing contractual frameworks for security.
Webinars and a supplier cyber security forum are planned for the coming months to further enhance cyber security practices. The focus is on safeguarding sensitive data and ensuring the continuity of critical services in the face of escalating cyber threats.