NHS England and DHSC open letter on supplier cyber resilience
Public Sector Action
Summary
Hide ▲
Show ▼
NHS England and the DHSC issued an open letter on January 22 directing more proactive supplier engagement to improve cybersecurity resilience across healthcare and social care supply chains. The move builds on the voluntary cybersecurity supply chain charter and responds to an “endemic” of ransomware attacks against health services. The letter says the program is not an audit or pass/fail exercise, but a risk-reduction effort focused on proportionate remediation and service continuity.
Related Happenings
NCSC-led NHS cyber resilience program
Public Sector Action
First: 20.04.2026 12:30
Last: 20.04.2026 12:30
Sources 1
About this happening:
The **UK National Cyber Security Centre (NCSC)** has outlined an **ongoing cyber resilience plan** for the **National Health Service (NHS)**, with the effort aimed at reducing ris...
NCSC-led NHS cyber resilience program
Public Sector ActionAbout this happening: The **UK National Cyber Security Centre (NCSC)** has outlined an **ongoing cyber resilience plan** for the **National Health Service (NHS)**, with the effort aimed at reducing ris...
UK NCSC issues Middle East indirect-risk guidance on monitoring, MFA, backups, and contingency planning
Defensive Guidance
First: 02.03.2026 17:00
Last: 02.03.2026 17:00
Sources 1
About this happening:
The **UK NCSC** issued guidance for organizations with **Middle East exposure**, urging immediate controls to reduce spillover risk from the regional escalation. The recommended r...
UK NCSC issues Middle East indirect-risk guidance on monitoring, MFA, backups, and contingency planning
Defensive GuidanceAbout this happening: The **UK NCSC** issued guidance for organizations with **Middle East exposure**, urging immediate controls to reduce spillover risk from the regional escalation. The recommended r...
NCSC alert for UK CNI severe cyber threats
Public Sector Action
First: 10.02.2026 13:50
Last: 10.02.2026 13:50
Sources 1
About this happening:
The **NCSC** issued an alert telling **critical national infrastructure (CNI) providers** to **act now** against **severe cyber threats**, aiming to reduce the risk of disruptive...
NCSC alert for UK CNI severe cyber threats
Public Sector ActionAbout this happening: The **NCSC** issued an alert telling **critical national infrastructure (CNI) providers** to **act now** against **severe cyber threats**, aiming to reduce the risk of disruptive...
RedVDS takedown with US, UK and Europol support
Law Enforcement
First: 14.01.2026 18:32
Last: 14.01.2026 18:32
Sources 1
About this happening:
**Microsoft** said it took **coordinated legal action** in the **U.S. and U.K.** to disrupt **RedVDS**, seizing **redvds[.]com** and related infrastructure with support from **Eur...
RedVDS takedown with US, UK and Europol support
Law EnforcementAbout this happening: **Microsoft** said it took **coordinated legal action** in the **U.S. and U.K.** to disrupt **RedVDS**, seizing **redvds[.]com** and related infrastructure with support from **Eur...
UK Government Cyber Action Plan and public-sector cyber defense launch
Public Sector Action
First: 07.01.2026 14:15
Last: 07.01.2026 14:15
Sources 1
About this happening:
The **United Kingdom** launched the **Government Cyber Action Plan**, backed by **more than £210 million ($283 million)**, to harden **public-sector cyber defenses** and reduce di...
UK Government Cyber Action Plan and public-sector cyber defense launch
Public Sector ActionAbout this happening: The **United Kingdom** launched the **Government Cyber Action Plan**, backed by **more than £210 million ($283 million)**, to harden **public-sector cyber defenses** and reduce di...
Timeline
-
23.01.2026 16:37 2 articles · 4mo ago
NHS England and DHSC issue supplier cyber resilience open letter
Legal Policy Action UpdateNHS England and the Department of Health and Social Care issued an open letter to suppliers to proactively improve cybersecurity resilience across healthcare and social care, shifting from the voluntary cybersecurity supply chain charter toward more direct, proportionate engagement on supplier risk. The letter says contracting authorities will contact suppliers about key cybersecurity controls and supply chain risks to patient care or operational continuity, and it sets expectations for keeping systems supported and patched, maintaining 'Standards Met' in the Data Security and Protection Toolkit (DSPT), applying multi-factor authentication (MFA), deploying monitoring and logging, ensuring backups that cannot be changed with tested recovery plans, and conducting board-level exercising.
Show sources
- NHS Issues Open Letter Demanding Improved Cybersecurity Standards from Suppliers — www.infosecurity-magazine.com — 23.01.2026 16:37
- NHS Issues Open Letter Demanding Improved Cybersecurity Standards from Suppliers — www.infosecurity-magazine.com — 23.01.2026 16:37
-
23.01.2026 16:37 1 articles · 4mo ago
Public reporting on the NHS supplier cyber resilience program
Initial DisclosurePublic reporting on January 23 framed the NHS England and DHSC open letter as a response to the 'endemic' of ransomware attacks against health services and as a step to strengthen proactive risk management across essential NHS services, including the supply chain. The reporting also noted that the Cyber Security and Resilience Bill and the recently published Government Cyber Action Plan reinforce the need for stronger supplier controls and resilience measures.
Show sources
- NHS Issues Open Letter Demanding Improved Cybersecurity Standards from Suppliers — www.infosecurity-magazine.com — 23.01.2026 16:37