NHS England has introduced a new cybersecurity charter, urging its suppliers to commit to stronger security measures amid a surge in ransomware attacks.
In a letter addressed to its vendors, NHS England warned of the rising severity and frequency of cyber incidents across its network. The charter outlines eight core security commitments that suppliers must adopt to better safeguard healthcare services.
Mike Fell, NHS England’s Director of Cyber, emphasized the urgency of collaborative action in a LinkedIn post, stating, “The complexity of cybersecurity and our supply chain, combined with the UK’s persistent cyber threats, means we must work together to protect care delivery.”
Suppliers signing the charter are expected to keep their systems up to date with the latest patches and achieve at least ‘Standards Met’ on the Data Security and Protection Toolkit (DSPT). They must also implement multi-factor authentication (MFA) and ensure MFA features are available in their own products.
The initiative also stresses infrastructure security, calling for round-the-clock cyber monitoring and detailed logging of critical IT systems. Suppliers are encouraged to maintain immutable backups of vital data, plan for rapid recovery, and conduct board-level response drills to enhance incident preparedness.
In the event of a breach, suppliers must report swiftly, coordinate with NHS England, and comply with all regulatory obligations. Additionally, software providers are required to align with the DSIT and NCSC’s software code of practice, covering secure design, development, deployment, and customer communication.
NHS England is supporting compliance by creating tools to help identify critical suppliers, drafting national requirements for supplier management, and refining its contractual frameworks to include specific security clauses. A self-assessment form will be introduced later this year, with webinars and a cybersecurity forum planned for autumn.
This move follows several major supply chain cyber attacks, including last year’s ransomware incident targeting Synnovis, which severely disrupted services at NHS King’s College and Guy’s and St Thomas’.
The launch of this charter also sets the stage for the upcoming Cyber Security and Resilience Bill, which aims to strengthen digital and infrastructure security across essential UK services.
News Source: ITPro.com