U.K. Government Funds Cybersecurity Assessments for Smaller Medical Suppliers

Register and reap the benefits

Become a member of the HCSA to gain access to a variety of support tools and services.

Join us

Winter Conference 2021 Countdown

HCSA Job Board

All the latest NHS procurement job opportunities

See the latest jobs..

British digital minister announces funds for health-care supply-chain security

A patient appointment letter from a London National Health Service hospital next to a virus and spyware warning message on a laptop screen following a major cyberattack on NHS computer systems in 2017. Photo: Yui Mok/Zuma Press

The British government said it would cover the cost of some smaller medical suppliers to improve their cyber defenses amid security threats to health-care supply chains.

The £500,000 funding, equivalent to $650,000, is being made available to hundreds of businesses involved in pandemic response efforts, the government said on Thursday.

Hacking fears have risen during the coronavirus crisis. The National Cyber Security Centre, which is part of the U.K.’s Government Communications Headquarters intelligence agency, warned in May that hackers linked to nation-states are targeting medical providers and researchers responding to the spread of Covid-19.

“We know there is a heightened cyber threat for health-care businesses at the moment so we are releasing new funding to help those playing a vital role in the pandemic response to remain resilient,” said Matt Warman, the U.K.’s digital infrastructure minister, in a statement.

With the funds, companies will be able to gain certifications for their cybersecurity arrangements through the government-backed Cyber Essentials program, designed to assist smaller and medium-size businesses with implementing basic security protections.

The program includes advice on properly maintaining firewalls, systems access and other technical controls. Its certification is a requirement for government suppliers dealing with sensitive information or systems.

Andrew Davies, digital health lead at the Association of British HealthTech Industries, which represents suppliers to the health-care industry, said that initiatives such as this are vital for promoting cybersecurity standards.

“As a sector that is constituted by over 90% of small and medium-sized businesses, we welcome the opportunity to access government funding and NCSC expertise,” he said.

Companies aren’t able to express interest in receiving this funding. Rather, it is being granted to companies that have been identified by the government as being vital to pandemic response efforts, a government official said.

The selected companies will be able to work with a consultant from the program, which is led by the NCSC, to assess security risks and draw up business continuity plans.

“It’s important, in principle, that the government do all it can, because there are literally tens of thousands of small companies in the sector, and some of them might need this sort of assistance,” said Martin Sawer, executive director of the Healthcare Distribution Association, a trade body for pharmaceutical distributors in the U.K.

The British government has in recent years grown concerned that the health-care sector is vulnerable to cyberattacks, particularly after a 2017 ransomware attack on the National Health Service that cost almost $120 million to fix, according to the Department of Health and Social Care. British cybersecurity officials have stepped up efforts to protect virus-related work at over a dozen universities that they have identified as critical players in responding to the coronavirus pandemic.

Smaller companies in the medical supply chain can be particularly at risk due to a lack of technical expertise, said Mark Roscrow, chairman of the Health Care Supply Association, which represents NHS procurement specialists.

“What we are keen on is that companies have that level of security at the best level it can be, because if their provision of service is disrupted, that impacts on the contracts that we’ve awarded, which then has a direct impact on patient care,” he said.

Write to James Rundle at james.rundle@wsj.com


Source: Wall Street Journal

Author: James Rundle