The UK’s National Cyber Security Centre (NCSC) has shared details of an ongoing coordinated plan to improve cyber resilience in the National Health Service (NHS).
Over the past 18 months, government and industry organizations have deepened their collaboration to reduce cyber risk and improve detection, the agency said in a blog post published on 17 April.
It pointed to several pillars underpinning this strategy:
- Piloting new tools and services through the Active Cyber Defence (ACD) 2.0 program
- Enhancing the security of the software supply chain
- Managing vulnerability disclosures and sharing threat intelligence
- Improving visibility to better understand the threat surface and deploy “defensive tradecraft”
- Promoting NCSC tools and services including its Early Warning service, the Cyber Action Toolkit and the Cyber Essentials scheme
Nicholas W. of the NCSC’s National Resilience Directorate explained how the government’s Software Security Code of Practice is already being used by the NHS in procurement to better understand the cyber maturity of suppliers.
The NCSC has also partnered with a healthcare organization, using data science tools to help it understand and prioritize supplier risk. There are plans to expand this initiative, by combining data such as incident history, alert and vulnerability activity from the NCSC Early Warning service with technical indicators including remediation patterns and exposed attack surfaces.
The NCSC highlighted how it has helped NHS England, the NHS Business Services Authority and NHS Scotland to establish internal vulnerability disclosure processes. This is in addition to its own Vulnerability Reporting Service (VRS), which has supported GP surgeries, NHS trusts, ambulance services, acute hospital trusts and health boards since 2019.
Other efforts include:
- The NHS App was the first government-sponsored app to offer passkeys, and more organizations are set to follow suit
- Continued work on External Attack Surface Management (EASM) and deception technology experiments across the sector
- Use of analytics to identify and resolve DNS-related risks
- NCSC Threat Hunting Workshops, which bring together cyber analysts from the sector to tackle real‑world threats, develop defensive playbooks, and strengthen relationships
Why Cyber Resilience Is Critical for the UK Healthcare Sector
Resilience building in the UK’s healthcare sector is badly needed, given historic incidents.
The WannaCry campaign in 2017 cost the health service an estimated £92m ($118.6m), while a more recent ransomware attack on supplier Synnovis in 2024 led to the cancellation of 1500 operations and appointments and has been linked to the death of a patient.
The NHS was also rocked by a 2022 ransomware attack which struck IT partner Advanced Computer Software Group. That resulted in the theft of data on tens of thousands of individuals and major disruption to patient referrals, out-of-hours appointment bookings, emergency prescriptions and ambulance dispatches.
The key to the NCSC-driven plan for boosting resilience is collaboration across multiple industry and government stakeholders, said Nicholas W.
“Taken together, this work shows what is possible when organizations align around a shared goal. Effort is coordinated rather than duplicated, lessons are reused, and risk is reduced across the system, not just within individual organizations,” he concluded.
“Most importantly, this approach offers a model for other critical sectors. Cybersecurity challenges are too complex for any one organization to tackle alone.”
