Next WannaCry a case of ‘when’, not ‘if’, says DHSC’s Katie Farrington, as she starts quest for deputy
The Department of Health and Social Care is on the hunt for someone to lead a £200m programme to sharpen its cyber security resilience in the wake of last year’s high-profile WannaCry attack that crippled some NHS trusts.
More than 150 countries were hit by the WannaCry ransomware attack last May, and the incident represented the biggest cyber-attack to affect the NHS in its history. A report by the National Audit Office spending watchdog found that more than a third of NHS trusts in England were affected by the ransomeware, with almost 7,000 appointments shelved as a result.
Related articles
Has the NHS sacrificed cybersecurity for convenience?
WannaCry NHS attack – busting the myths
The DHSC is now recruiting for a new deputy director for cyber security, and DHSC’s director for digital, data and primary care Katie Farrington said the 2017 attack showed the need for the health service to stay one step ahead.
“Cyber-attacks are an increasing global threat and the health and care system’s growing dependency on technology means its risk profile is also increasing,” she said.
“There are regular attacks impacting different sectors and different countries around the world and the NHS has faced a number of cyber-attacks recently. The May 2017 WannaCry ransomware attack was the largest of its kind and while it was not the target, WannaCry hit the NHS. With the question of the next large-scale attack being more a case of ‘when’ than ‘if’, there is a growing need for the health and care system to remain resilient against attack and to protect patient data and patient care.”
The deputy director will report directly to Farrington in the DHSC, but the advert makes clear that the role – which is expected to command a salary of around £75,000 for external hires – will involve significant cross-government work.
The job specification says the new hire will have “leadership and responsibility for overseeing” a £200m programme to boost data and cyber security resilience, working “across Her Majesty’s Government to ensure the development of credible and effective government policy and assure effective programme delivery of a cyber security programme across Arms Length Bodies (ALBs)”.
According to the DHSC, the successful applicant will be expected to lead a “system response” to high profile incidents, and will work closely with Whitehall’s dedicated National Cyber Security Centre to mitigate cyber threats.
“You will build and maintain excellent relationships with other government departments and our ALBs to ensure delivery of both new and existing commitments, challenging effectively and holding to account where necessary,” it says.
The DHSC’s pick for the job will also be expected to put the key recommendations of chief information officer William Smart’s review of the WannaCry response into action across the health service. Smart’s review, published in February, called for “senior leadership and board level accountability for cyber security” in every health and care organisation, and said the attack had “made clear the need for the NHS to step up efforts with cyber security so that every possible protection is taken to defend against a future attack”.
The department says the ideal candidate – who will be given the option of working either from the DHSS’s London or Leeds offices – should be a “strong corporate and team leader” and have “the credibility and ability to build excellent relationships” regardless of “organisational boundaries”.
In a nod to the cross-government nature of the role, the DHSC also says the candidate should have “good knowledge and understanding of HM Government coupled with an ability to confidently navigate Whitehall”.
Those looking to apply have until April 22nd to put themselves forward, with shortlisting, assessment days and interviews set to take place in May.
