GCHQ powers to access NHS IT systems is extended

  • 3 September 2021
GCHQ powers to access NHS IT systems is extended

The UK’s intelligence and security organisation powers to access information from NHS IT systems has been extended.

Government Communication Headquarters (GCHQ) was granted additional powers by former health secretary, Matt Hancock, in April 2020 in order to allow the organisation to request anything “relating to the security of any network and information system”.

The powers were due to remain in place until December 2020 but were extended, and have since been extended again to last until December 31 2021.

A direction, signed by the health secretary, states during the Covid-19 crisis “the network and information systems held by or on behalf of the NHS in England, or those bodies which provision public health services in England, must be protected to ensure those systems continue to function to support the provision of services intended to address coronavirus”.

The attempt to bolster cyber security during the pandemic allows GCHQ to request information held by or on behalf of the NHS and supports the provision of NHS services related to coronavirus for the purpose of “supporting and maintaining the security of any network and information system”.

The powers also cover networks and information systems which, if their security is impaired, affects the ability of the NHS to provide Covid-19 services.

A National Cyber Security Centre spokesperson confirmed there had been no changes to the directions given to GCHQ since the powers were granted in April 2020.

“This is part of our ongoing commitment to protect health services during the coronavirus pandemic,” they said.

“We have no desire to receive any patient data, and the directions do not seek to authorise this.”

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Two more Liverpool hospitals impacted by Alder Hey cyber attack

Two more Liverpool hospitals impacted by Alder Hey cyber attack

Alder Hey Children's NHS Foundation Trust has announced that the cyber attack it suffered last week has impacted two more hospitals.
Major cyber security incident declared at Merseyside hospital

Major cyber security incident declared at Merseyside hospital

A “major incident” has been declared at Wirral University Teaching Hospital NHS Foundation Trust “for cyber security reasons”.
Barts Health rolls out Cynerio cyber security platform

Barts Health rolls out Cynerio cyber security platform

Barts Health NHS Trust has rolled out Cynerio’s healthcare-focused cyber security platform across all of its sites.