What Does Scrapping NHS England Mean for Cybersecurity?
17 March
Following Sir Keir Starmer’s announcement that NHS England will be scrapped, concerns over cybersecurity have emerged, raising questions about the NHS’s ability to defend against cyberattacks.
NHS England, established in 2013, managed non-frontline healthcare services in England, including training, data collection, and cybersecurity. Its responsibilities included:
- Overseeing cybersecurity assessments
- Managing the NHS Cyber Alert service
- Ensuring action on advisories and remediation plans
What Does This Mean for Cybersecurity?
While the move aims to reduce costs, it could leave the NHS more vulnerable to cybercriminals. Recent investigations into potential API flaws have highlighted the risks of outsourcing and the lack of third-party testing for outsourced systems. Without NHS England’s oversight, these issues may worsen.
Oversight and Implementation Challenges
The NHS Data Security and Protection Toolkit (DSPT) continues to evolve, but without NHS England’s central role, questions arise about compliance and monitoring. Organisations must assess their cybersecurity compliance by June 2025 or risk receiving a “Standard Not Met” status.
The Risk of Fragmentation
Experts, like Graeme Stewart from Check Point Software, warn that the removal of centralised cybersecurity functions risks leaving NHS Trusts with fragmented defences. Each new third-party supplier could create new vulnerabilities, making the system more prone to cyber threats.
In this shifting landscape, ANSecurity provides essential support, offering consultative services that help you make the right choices to protect data, identify vulnerabilities, and manage threats. As the NHS restructures, expert cybersecurity solutions are vital to maintaining robust defences.