Government funding available for healthcare entities to boost cyber security

United KingdomScotland

On 10 September 2020, as part of London Tech Week, Digital Infrastructure Minister Matt Warman announced new funding for small and medium sized businesses, such as medical suppliers and primary care providers, to improve cyber security. The funding comes in response to the heightened cyber threat to healthcare businesses with the hope that it will help those playing a vital role in the pandemic response to remain vigilant.

Why?

The funding programme comes as the National Cyber Security Centre (NCSC) identified an increased threat to the UK health sector in light of the pandemic, with sensitive personal data, trade secrets and intellectual property being the subject of attacks. The NCSC and the US Cybersecurity and Infrastructure Security Agency (CISA) have also recently warned about large scale ‘password-spraying’ campaigns against health sector businesses.

Despite progress in recent years, 46% of businesses have suffered a cyber breach or attack in the last year and 32% experience cyber breaches or attacks at least once a week according to the Cyber Security Breaches Survey 2020.

What?

Selected small and medium-sized businesses identified by the government as critical to the response to COVID-19 (such as medical suppliers and primary care providers) are being invited to apply for a slice of the £500,000 funding. Participants in the programme will receive support and guidance to achieve the government’s Cyber Essentials accreditation. This includes training to ensure computers and devices are kept up-to-date and on proper firewall usage and user access controls to manage access to services. Participants may also opt for support from one of the programme’s cyber experts who will look at the organisation as a whole in designing and implementing a business continuity plan after helping to identify cyber security risks. However, funding is limited to this.

Cyber Essentials is a government-backed self-assessment scheme in which organisations assess themselves against five basic security controls and an assessor verifies the information provided by the organisation. The current cost of Cyber Essentials certification is £300 + VAT, but if the applicant is successful this should be covered by the grant. It is also essential to have to bid for some government contracts.

Warman and the NCSC’s Director of Operations have both encouraged all businesses to sign up to the Cyber Essentials scheme.