Department of Health seeks leader for £200m post-WannaCry cyber security push

Written by Public Technology Staff on 28 March 2018 in News

Next WannaCry a case of ‘when’, not ‘if’, says DHSC’s Katie Farrington, as she starts quest for deputy

The Department of Health and Social Care is on the hunt for someone to lead a £200m programme to sharpen its cyber security resilience in the wake of last year’s high-profile WannaCry attack that crippled some NHS trusts.

More than 150 countries were hit by the WannaCry ransomware attack last May, and the incident represented the biggest cyber-attack to affect the NHS in its history. A report by the National Audit Office spending watchdog found that more than a third of NHS trusts in England were affected by the ransomeware, with almost 7,000 appointments shelved as a result.

Related articles

Sheffield NHS trust ICT chief: ‘WannaCry was opportunistic; a concerted attack is what keeps me awake at night’

Has the NHS sacrificed cybersecurity for convenience? 

WannaCry NHS attack - busting the myths


The DHSC is now recruiting for a new deputy director for cyber security, and DHSC’s director for digital, data and primary care Katie Farrington said the 2017 attack showed the need for the health service to stay one step ahead.

“Cyber-attacks are an increasing global threat and the health and care system’s growing dependency on technology means its risk profile is also increasing,” she said. 

“There are regular attacks impacting different sectors and different countries around the world and the NHS has faced a number of cyber-attacks recently. The May 2017 WannaCry ransomware attack was the largest of its kind and while it was not the target, WannaCry hit the NHS. With the question of the next large-scale attack being more a case of ‘when' than ‘if', there is a growing need for the health and care system to remain resilient against attack and to protect patient data and patient care.”

The deputy director will report directly to Farrington in the DHSC, but the advert makes clear that the role - which is expected to command a salary of around £75,000 for external hires - will involve significant cross-government work.

The job specification says the new hire will have “leadership and responsibility for overseeing” a £200m programme to boost data and cyber security resilience, working “across Her Majesty's Government to ensure the development of credible and effective government policy and assure effective programme delivery of a cyber security programme across Arms Length Bodies (ALBs)”.

According to the DHSC, the successful applicant will be expected to lead a “system response” to high profile incidents, and will work closely with Whitehall’s dedicated National Cyber Security Centre to mitigate cyber threats. 

“You will build and maintain excellent relationships with other government departments and our ALBs to ensure delivery of both new and existing commitments, challenging effectively and holding to account where necessary,” it says.

The DHSC's pick for the job will also be expected to put the key recommendations of chief information officer William Smart's review of the WannaCry response into action across the health service. Smart's review, published in February, called for “senior leadership and board level accountability for cyber security” in every health and care organisation, and said the attack had “made clear the need for the NHS to step up efforts with cyber security so that every possible protection is taken to defend against a future attack”.

The department says the ideal candidate - who will be given the option of working either from the DHSS's London or Leeds offices - should be a "strong corporate and team leader" and have "the credibility and ability to build excellent relationships" regardless of "organisational boundaries”.

In a nod to the cross-government nature of the role, the DHSC also says the candidate should have "good knowledge and understanding of HM Government coupled with an ability to confidently navigate Whitehall".

Those looking to apply have until April 22nd to put themselves forward, with shortlisting, assessment days and interviews set to take place in May.

Share this page



Please login to post a comment or register for a free account.


0Laf (not verified)

Submitted on 28 March, 2018 - 12:14
£75k might seem a lot of money but for a senior cyber security role operating at those levels with a massive amount of responsibility in a critical national service it's really not that much. I don't think they'll get the calibre of applicant necessary for the role offering that sort of money.

Related Articles

Windrush scandal fallout sees Home Office suspend data-sharing activities
13 July 2018

Department to take three-month break from ‘proactive data sharing’ with other government agencies, as well as restricting data shared with financial institutions

Why GDS is still losing the ‘parlour game’ of government
12 July 2018

Martha Lane Fox and Mike Bracken, two of the key figures in the creation of GDS, believe the organisation remains stymied by major barriers in both the civil service and parliament...

Related Sponsored Articles

Don’t Gamble with your password resets!
20 June 2018

The cautionary tale of the Leicestershire teenager who hacked high-ranking officials of NATO allies shows the need for improved password security