The letter acknowledges the increasing sophistication of cyber threats, particularly the growing prevalence of ransomware attacks targeting NHS supply chains. A coordinated response is needed from all partners, the letter says.
The charter outlines eight core principles that suppliers are expected to meet. These include the implementation of multi-factor authentication (MFA) across suppliers' systems and the execution of cyber response exercises at board level to ensure preparedness and resilience.
In recognition of the commitment from suppliers, NHS England and the DHSC have pledged to:
- work collaboratively with suppliers in shaping national policies and regulatory frameworks that affect NHS supply chains
- support NHS providers in making informed procurement decisions by improving their awareness of cyber security standards and the importance of working with security-conscious suppliers
- provide assistance to NHS organisations during cyber incidents and promote a Just Culture.
The letter – which is signed by DHSC's national chief information security officer for health and care Phil Huggins, NHS England director of cyber operations Mike Fell and NHS England national director of transformation Vin Diwakar – says: ‘We are here to support our suppliers every step of the way. We will be launching a series of webinars over the coming months and building a supplier forum for cyber security in the autumn.’
‘We will continue to engage with suppliers on our work and policies, which will include issuing further communications including details of the upcoming charter and future engagements,’ the letter adds.