Public Services > Healthcare

BCS partnership targets NHS cyber security shortcomings

Neil Merrett Published 29 June 2017

Roadmap document outlines three year plan to introduce accredited IT professionals across entirety of the NHS to understand and adapt to threats and potential gaps in system security

BCS, the Chartered Institute of IT, has set out a three year roadmap for expanding cyber security training across the NHS in partnership with the Royal College of Nursing and suppliers such as BT and Microsoft to try and tackle fears about accountability and investment in health systems.

On the back of the ‘Wannacryy’ ransomware attack that compromised systems across the NHS last month, BCS has released a blueprint document to address concerns that UK healthcare bodies have struggled to “keep pace” with best practice on cyber security.

David Evans, the director of community & policy at the Chartered Institute for IT, argued that the Wannacryy attack was a reflection of a lack of investment in care systems and a failure to ensure staff were prepared to handle system breaches.

“Patients should be able to trust that hospital computer systems are as solid as the first-class doctors and nurses that make our NHS the envy of the world,” he said.

“Unfortunately, without the necessary IT professionals, proper investment and training the damage caused by the Wannacry ransomware virus was an inevitability, but with the roadmap we are releasing today, will make it less likely that such an attack will have the same impact in the future.”

Designed in partnership with the Patient’s Association and other stakeholders, the blueprint is devised to set out how NHS trusts can avoid “crippling cyber-attacks” by adopting agreed standards and accreditation for IT staff working in healthcare.

BCS is also urging NHS Boards to understand their individual responsibilities in protecting systems and ensuring sufficient numbers of qualified and registered IT professionals are in place.

In pushing to help overhaul how the NHS can better deal with cyber security issues, the blueprint document seeks to have a “clear, costed and resourced plan to deliver the 2020 roadmap” by the end of the current year.  Over the same time period, BCS intends to commence the first training courses for NHS IT staff by working in conjunction with programmes such as the NHS Digital Academy.

From next year the blueprint intends to have a first tranche of health and care professionals to be qualified and registered, with guidance being rolled out to NHS bodies on making use of qualified IT staff to meet security obligations.

By 2019, BCS intends to have expanded the number of professionals registering for and undertaking IT accreditation fully across the NHS. It will also introduce changes from a review of initial experiences in this work.

Over the final year of the roadmap plan, it is hoped that the NHS will be able to better learn from incidents and anticipate emerging threats, while ensuring transparency to identify gaps in cyber security capabilities at an organisational level.

Related articles:

CQC to beef up NHS information governance inspections

NHS faces mass IT systems failure following ransomware attack

CCS launches revised cyber security framework

PAC report critical of Whitehall cyber security initiatives








We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.