BCS, The Chartered Institute for IT, welcomes the government response entitled Your Data: Better Security, Better Choice, Better Care, and supports the direction the government is taking in addressing the short-term risks around cyber security.

The BCS position as laid out in the ‘NHS Cyber Blueprint’ also sets out a need to develop the professional community across cyber as well as IT/informatics more generally.

David Evans, Policy Director at BCS comments: “The focus on ensuring that through CQC frameworks for organisations, and resources and services from NHS Digital, everyone understand the duties and broad options, is vital.

The additional funding will be welcomed by NHS CIOs at major trauma sites, but the rest will have to consider cuts to other areas of budgets to shore up cyber security.

“One of the important aspects to consider as the details are developed, is ensuring that responsibilities are appropriate and proportionate. We need to make it clear and simple for NHS boards to discharge their duties, and ensure that NHS leaders know what their responsibilities are. However, the burden cannot solely be on their shoulders.

They also need the proper professional support. The teams at NHS Digital and other centres of excellence will have tremendous expertise, but the scope of work across all of health and care in the UK means that a far broader community of IT professionals need to meet baseline standards.

“At the end of the day, the public needs to have assurance not only that hospital policies are in order, but that there are capable and accountable cyber professionals who are assuring that measures are appropriate and being carried out.

“The government plan is well-founded, but needs to be developed further and in different directions if public trust is to be placed fully on a system that has shown itself to be dangerously vulnerable. Just as patients rely on individual clinicians as well as hospital policies, the public needs to know that accountable and capable professionals are in the right places. This is particularly the case when a failing of an individual around cyber security can inflict far more damage than a negligent doctor.”