Organisations should appoint a board lead on data security and consider suspending IT access for any executive who fails to complete annual cybersecurity training, NHS England’s chief information officer has suggested.
Will Smart makes the proposals in his “lessons learned” review of the WannaCry attack, which hit 35% of NHS trusts in May last year and led some to divert ambulances from their A&E departments.
The paper includes 22 formal recommendations, many of which are changes at a national level – including the appointment of a chief information and security officer at NHS Digital.
Source: Digital Health
Related article: Every NHS trust tested for cybersecurity has failed, officials admit