09.01.19
NHS Digital’s first cyber security chief to resign after three months in role
NHS Digital’s first chief information security officer, a role established after the WannaCry ransomware attack, has resigned after just three months in the role.
In a memo to staff at NHS Digital, seen by Digital Health News, it was announced that Robert Coles would be stepping down from the role for personal reasons.
Coles, the former security chief at GlaxoSmithKline (GSK), was appointed in September and started the job in October, tasked with devising an organisational-wide cyber security strategy for NHS Digital in the wake of incidents like WannaCry.
Deputy chief executive Rob Shaw told staff that the resignation was “accepted with great regret” and personally thanked him for the “passion he brought to the role” and the progress he made in developing the system-wide cyber strategy.
The outgoing Coles commented: “I am very sorry not to be able to continue in my role at NHS Digital. I have enjoyed working with the very talented and passionate cyber security team at NHS Digital and seeing the commitment to improving cyber resilience across the health and care system.
“I wish everyone involved in building greater cyber resilience in the NHS the very best as they take this critical work forward.”
Prior to working at GSK, Coles worked at CISO for the National Grid and investment bank Merrill Lynch during a 30-year career in information security.
NHS Digital’s decision to create the role of CISO was the result of one of the key recommendations of the ‘lessons learned’ report produced by NHS England chief information officer Will Smart following WannaCry.
The May 2017 cyber-attack severely disrupted more than 80 hospitals and 8% of GP practices after a type of malware called ransomware was used to lock down IT systems.
In October, it was revealed that the overall cost to the NHS of the attack was £92m through lost services and IT support to restore systems and data in the aftermath.
Shaw told staff that the search for Coles replacement would begin “immediately” so that “the cyber security agenda continues to be key for NHS Digital and for the organisations we support.”
He added that NHS Digital had recruited some high-quality staff and that he was confident that this team of experts would continue to deliver services under the leadership of Dan Taylor whilst recruitment is ongoing.