4,531 members and growing, are your details correct please LOGIN and update NOW
HCSA EIS EVENTs Back in 2025 Dates to be announced later in November 2024
Have a charity for HCSA for 2025 submit @ admin@nhsprocurement.org.uk nomination close soon
HCSA Annual Awards close midnight 9th September 2024 so don't delay your submissions
HCSA Annual Conference 13 & 14 November 2024 Telford International Centre ON SALE NOW BOOK EARLY final spaces don't delay
Look out for HCSA rebrand coming November 2025 launch at conference
Close Search

‘Massive’ cybersecurity risk in NHS supply chain, trust and ICB leader warns

Home > News > ‘Massive’ cybersecurity risk in NHS supply chain, trust and ICB leader warns

The NHS supply chain contains “absolutely massive” cybersecurity risks which have not “really been talked about”, an integrated care board and trust chair has warned.

Lena Samuels, who is chair of two London trusts and of Hampshire and Isle of Wight Integrated Care Board, said: “We’ve been talking internally about our own organisations but we haven’t really talked about the supply chain and the risks within that – and that is absolutely massive.”

Her comments come after one of the most disruptive cyber attacks on the NHS last week hit pathology systems at King’s College Hospital and Guy’s and St Thomas’ foundation trusts, and primary care across six boroughs, with major disruption to tests still ongoing. This was due to an attack on their pathology IT system, which is run by and the company Synnovis. Synnovis is majority owened by the European firm Synlab.

Ms Samuels, speaking at the NHS Confed Expo conference yesterday, said many NHS organisations still needed to question: “How do our risk registers capture what our supply chain resilience looks like in terms of cyber protection?”

She said NHS organisations also needed to be considering “who on my board is going to ask that question” and “whether they’re going to even think of asking that question”, adding: “There’s so much that we’ve got to think about.”

Ms Samuels said ICBs needed to develop their skills and knowledge of cybersecurity, though expertise also needed to be shared nationally, but she said it was “really difficult to recruit that sophisticated talent”.

She said: “[Cybersecurity] leadership has got to be embedded within an organisation, in its totality. If we’re going to really get supportive activities to prevent something but also react against it, that culture has to be in place all the way through the organisation.”

As well as the ICB Ms Samuels chairs neighbouring Barnet, Enfield and Haringey Mental Health Trust and Camden and Islington FT, which work as a group. She told the event it would be helpful to have cybersecurity expertise in non-executive board roles, as well as among executives.

In the same session at the event in Manchester, Cate McLaurin, a digital security expert at consultancy Public Digital, said NHS organisations were highly likely to be hit by cyberattacks, as “public sector bodies [are] being targeted specifically”.

Source: HSJ

Date: 17 June

Posted in News on Jun 16, 2024

Back to News