Cyber Security Strategy for Health and Adult Social Care to 2030 – Blog

Cyber Security Strategy for Health and Adult Social Care to 2030 – Blog

Blog from Phil Huggins, National CISO For Health & Social Care, Joint Digital Policy and Strategy Unit,  NHS Transformation Directorate |  DHSC

I am incredibly happy to announce the publication the Cyber Security Strategy for Health and Adult Social Care to 2030. It has been a long journey to reach this milestone and I am pleased that we can now share our joint approach to tackling cyber security risk across the adult social care system.

With a direct focus on adult social care, this strategy builds on success through our community-led approach for cyber security. Working with the sector, and in lockstep with its digital journey, we will continue to address the sector’s specific challenges and respect its organisations’ independence and diversity. Using a community–led approach we intend to mainstream adult social care across some of our central cyber functions.

This is just the beginning, and it is important to me that we work together so that you can understand the detail of the model and that you are empowered to deliver its proposals.

A unified and collaborative approach is key to improving sector-wide cyber security, ensuring we can ‘defend as one’ across the entire system. We have taken into consideration the complexities of the adult social care system and we recognise that a balanced approach is needed to account for specific needs and varying cyber capabilities while defending as one. We want to work with you to ensure we move forwards together.

This ambitious strategy envisages a health and social care sector that is resilient to cyber-attack. Shaping a common purpose and language for tackling cyber risk, this strategy is for everyone working in the health and adult social care sector and for the wider public who rely on those vital services. Improved cyber resilience will assure availability of services, protect valuable data, enable quicker response and recovery when attacks do occur, and increase public trust. As such, cyber security is a foundational business need to ensuring patient and service user safety.

The strategy docks under the Government Cyber Security Strategy 2022 to 2030, whilst also cross-referencing the aims and learnings from strategies and reports such as, but not limited to, Data Saves Lives, A Plan for Digital Health and Care. It builds on the success of the community led approach for cyber security that has been developed through the Better Security, Better Care programme. It speaks to the importance of cyber security in underwriting public trust in digital services and technologies and the significance of this public trust for innovation.

The strategy sets out five complementary pillars to achieve this vision, with an approach that will be applicable across health and social care systems including for adult social care, primary care, and our critical supply chain as well as for secondary care. The five pillars are:

  • focus on greatest risks and harms
  • defend as one
  • people and culture
  • build secure for the future
  • exemplary response and recovery

Working collaboratively with national and regional teams, Better Security Better Care’s local support organisations, integrated care systems, health and care leaders, and cyber security staff, and in accordance with the roles and responsibilities set under each pillar, together we can be confident in achieving these outcomes. While this is a strategy to 2030, it contains specific deliverables to 2025 and will be accompanied in Summer 2023 by a published implementation plan setting out activity for the next 2 to 3 years to make improvements across the four Cyber Assessment Framework objectives.

I look forward to continuing to build our relationships across the adult social care sector as we turn to implementation of our vision. If you have any questions, please reach out to [email protected]




Photo by JESHOOTS.COM on Unsplash

Back to News