Chris Ibell, CDIO at Staffordshire and Stoke-on-Trent ICB, offered an update on the cyber security status at the ICB’s latest meeting, outlining the cyber risk to its organisations, and sharing plans to focus on an integrated care system approach to incident response planning.
The update follows a cyber crisis simulation event, ICB board development sessions and cyber security workshops over the past year. The cyber simulation event identified 22 actions, the update notes, focusing on processes, plans, and the need for colleagues to “continue to embed an ICS approach to threat mitigation and incident response”.
The approach currently in use is an integrated ICS model for cyber security management, the update shares, led by its ICS Security Operations Centre running 24/7. This currently supports organisations including Staffordshire Council, Midlands Partnership University, University Hospitals of North Midlands, North Staffordshire Combined Healthcare, and Stoke Council. This SOC runs a standardised vulnerability scanning and patching service, the update continues, as well as conducting gap analysis to identify areas for improvement, and focusing on standardising reporting metrics.
Ibell also presents the ICB’s plans around incident response planning, noting specifically its move to coordinate information governance, emergency preparedness, resilience and response (EPRR), and for digital and cyber colleagues from across the system to “address actions”.
A draft has reportedly been submitted of the ICS’s cyber security strategy to 2030, with the final version expected to be delivered imminently. To read the board papers in full, please click here.
Best practices in cyber security: plans and priorities from across the NHS
We were joined for a recent HTN Now webinar focusing on sharing best practices around cyber security, by an expert panel including Neill Crump, digital strategy director at The Dudley Group NHS Foundation Trust; Nasser Arif, cyber security manager at London North West Healthcare NHS Trust and Hillingdon Hospitals NHS Foundation Trust; and Martin Knight, privileged access management at Imprivata. The session focused on key considerations for NHS organisations in their approach to cyber security, assessing cyber security maturity, good cyber security practice, the challenges in this area and tips to overcome them.
The European Commission recently published an EU action plan developed to guide hospitals and healthcare providers in increasing their cyber security. Referring to the plan as “an important step in shielding the healthcare sector from cyber threats”, the commission focuses on enhancing threat detection, preparedness and response capabilities of hospitals and health providers.
North West London ICS’s latest board meeting shared insights into the developments in the region, including challenges around cyber resilience, digital in primary care, an update on its digital programmes and progress towards integrated neighbourhood teams. The ICB noted its application for £1.15 million in NHSE Cyber Risk Reduction funding not yet received, the ongoing development of NWL’s cyber strategy with a target completion date of the end of the financial year, continued progress around the London Shared Care Record and optimisation work around its acute provider EPR.