‘Boots on the ground’ – NHS signs £3m in deals for cyber incident support


Just days before London hospitals suffered one of the worst health service cyber incidents since WannaCry, NHS England awarded a duo of deals to create a central security response team

NHS England has spent £3m on a duo of contracts intended to provide a squad of expert “boots on the ground” to help organisations across the health service respond to cyberattacks.

On 15 May, the national body signed a deal with KPMG. A week later, a second agreement was put in place with Deloitte.

The two engagements appear identical, and each covers “cyber incident response” services. The contracts run for a period of two years, with expected spending of up to £1.5m apiece.

The professional services companies – which represent half of the so-called ‘big four’ accounting and consulting firms – will collectively provide a centralised team that will, when required, be directed to support NHS entities that have suffered a cyberattack or other form of technical security incident.

“These services are to provide a Cyber Incident Response Team (CIRT) to NHS England and other organisations in the NHS ecosystem during cyber incidents,” the contract notices say. “The CIRT provides ‘boots on the ground’ support to investigate and recover from cyber incidents.”


Related content


The deals came into effect just a matter of days before two major NHS trusts – treating a collective total of 10,000 patients each day in hospital and care facilities across London – were impacted by one of the worst cyber incidents to affect the health service since the WannaCry attack of 2017.

As with WannaCry, the incident earlier this month was a ransomware assault – which was perpetrated on Synnovis, a joint venture providing pathology services to Guy’s and St Thomas’ and King’s College NHS trusts.

More than a week after the incident was detected, the trusts continue to experience disruption to frontline services. While some procedures have been cancelled as a result of the attack, patients are currently advised to attend scheduled appointments unless advised otherwise – but those attending A&A are warned that of increased delays due to difficulties obtaining blood test results.

NHS leaders in Scotland, meanwhile, have also faced a cyber emergency in recent weeks, after a serious attack suffered by the health board in Dumfries and Galloway. Following the incident, attackers have published on the dark web what is understood to be a large volume of patient data – in what managers have described as “an abhorrent criminal act”.

Sam Trendall

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *