08.08.17
NHS trusts could face severe fines for inadequate cyber security
NHS trusts could face considerable fines if they do not put robust cyber security measures in place in their organisations, it has been revealed.
The government has today said that organisations responsible for delivering services and looking after sensitive public data could be harshly punished for failing to safeguard their digital security systems.
Organisations affected by the proposed legislation include operators in electricity, transport, water, energy, health and digital infrastructure.
In a statement from the Department for Digital, Culture, Media & Sport (DCMS), it was revealed that fines could be as large as £17m if the measures, which are open to consultation, are pushed forward.
The consultation will also look into how the Network and Information Systems (NIS) Directive is implemented from May 2018.
The government added that fines would only be a last resort, and would not apply to operators that have assessed the risks adequately and engaged with competent authorities, but still suffered attacks.
“We want the UK to be the safest place in the world to live and be online, with our essential services and infrastructure prepared for the increasing risk of cyber-attack and more resilient against other threats such as power failures and environmental hazards,” said digital minister Matt Hancock.
“The NIS Directive is an important part of this work and I encourage all public and private organisations in those sectors to take part in this consultation so together we can achieve this aim.”
Operators will also need to develop a strategy and policies to understand and manage cyber security risks. These include implementing measures to detect attacks, developing security monitoring, and raising staff awareness of and training on these issues.
The consultation is part of the National Cyber Security Strategy (NCSS) plan to transform digital security in the UK, which is supported by £1.9bn of investment.
Part of this strategy included the opening of the National Cyber Security Centre (NCSC), as well as free online advice and training schemes to help businesses and public bodies.
Ciaran Martin, CEO of the NCSC, added: “We welcome this consultation and agree that many organisations need to do more to increase their cyber security.
“The NCSC is committed to making the UK the safest place in the world to live and do business online, but we can’t do this alone.
“Everyone has a part to play and that’s why since our launch we have been offering organisations expert advice on our website and the Government’s Cyber Essentials Scheme.”
The news follows the DH's pledge last month of £50m to safeguard NHS digital security. That pledge came after a cyber-attack infiltrated the computers of hundreds of trusts in May, stopping them from properly administering care.
The consultation will be open until 30 September 2017.