NHS Digital has hired its first chief information security officer (CISO), Robert Coles, who will lead on cyber security across the entire health and care sector.
Coles, who will start his new job in October 2018, has spent the past four years as CISO for GlaxoSmithKline, and previously held similar roles at National Grid and Merrill Lynch.
The appointment follows the lessons learned in a review of the WannaCry ransomware attack, which called for NHS Digital to appoint a CISO to report directly to the NHS Digital CIO.
“The role will lead national cyber working groups, help inform policy and drive improvements and standardisation,” the report said.
Commenting on the appointment, NHS Digital deputy CEO Rob Shaw said the organisation had listened to the recommendations made in the review and had “acted on the commitment we made to the Public Accounts Committee [PAC] to appoint someone to lead the national cyber and security agenda for health and care”.
Shaw added: “Robert will build on the excellent work the NHS Digital Data Security Centre has already done to reach out across the health and care sector to support improved cyber security across the system.
“Bringing Robert on board allows NHS Digital to continue to strengthen our relationship with the wider health and care sector by ensuring we have the best expertise to protect them from cyber security threats.”
In February this year, Shaw admitted to the PAC that, at the time, all 200 NHS trusts that had been assessed for cyber security resilience had failed their assessments, and the “lessons learned” report found that the crippling WannaCry attack could have been prevented if the NHS had followed basic IT security best practice.
In his role, Coles will work with local health and care organisations, their CEOs and CIOs to ensure they meet the government’s minimum cyber security standards and Cyber Essentials Plus (CE+) certification.
Shaw said: “We are determined to ensure that cyber security becomes a priority right across the health and care sector, from front-line staff all the way up to board level, and believe Robert has the skills and knowledge to help us achieve this.”
Earlier this year, NHS Digital signed a three-year partnership with IBM to bolster its cyber security capabilities and expand its cyber security operations centre.
Dan Taylor, programme director for NHS Digital’s data security centre, said at the time that the partnership would enable the organisation to “draw on a pool of dedicated professionals from IBM” when required.