GCHQ powers to access NHS IT systems is extended

  • 3 September 2021
GCHQ powers to access NHS IT systems is extended

The UK’s intelligence and security organisation powers to access information from NHS IT systems has been extended.

Government Communication Headquarters (GCHQ) was granted additional powers by former health secretary, Matt Hancock, in April 2020 in order to allow the organisation to request anything “relating to the security of any network and information system”.

The powers were due to remain in place until December 2020 but were extended, and have since been extended again to last until December 31 2021.

A direction, signed by the health secretary, states during the Covid-19 crisis “the network and information systems held by or on behalf of the NHS in England, or those bodies which provision public health services in England, must be protected to ensure those systems continue to function to support the provision of services intended to address coronavirus”.

The attempt to bolster cyber security during the pandemic allows GCHQ to request information held by or on behalf of the NHS and supports the provision of NHS services related to coronavirus for the purpose of “supporting and maintaining the security of any network and information system”.

The powers also cover networks and information systems which, if their security is impaired, affects the ability of the NHS to provide Covid-19 services.

A National Cyber Security Centre spokesperson confirmed there had been no changes to the directions given to GCHQ since the powers were granted in April 2020.

“This is part of our ongoing commitment to protect health services during the coronavirus pandemic,” they said.

“We have no desire to receive any patient data, and the directions do not seek to authorise this.”

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Barts Health rolls out Cynerio cyber security platform

Barts Health rolls out Cynerio cyber security platform

Barts Health NHS Trust has rolled out Cynerio’s healthcare-focused cyber security platform across all of its sites.
How to equip NHS staff with cyber security skills they will use

How to equip NHS staff with cyber security skills they will use

Too often, cyber security training is a seen as a burden. But it is possible to make it relevant and useful, writes Nasser Arif.
Cheshire and Merseyside ICS selects cyber security platform

Cheshire and Merseyside ICS selects cyber security platform

Cheshire and Merseyside Integrated Care System has selected a healthcare cyber security platform from Cynerio to strengthen its defences.