Looking for scrubs? Nah, NHS wants white hats – the infosec techie kind

The UK's National Health Service will pay white hat hackers up to £20m to protect its IT systems, it announced today.

NHS Digital is looking to make a deal with consultants to create a security operations centre, which it says will ensure the safety of staff and patient data nationwide.

Speaking to The Telegraph, NHS Digital said the contract "will provide access to extra specialist resources during peak periods and enable the team to proactively monitor the web for security threats and emerging vulnerabilities."

This comes against the backdrop of the Wannacry ransomware attack in May this year, which demonstrated the NHS' lack of preparedness for dealing with a large attack across several locations at once.

An investigation by the Chartered Institute for IT concluded that it was a lack of accountability and investment which led to the attack, while the National Audit Office said the NHS had failed to respond to early warnings about potential threats, and that the attack "could have been prevented by the NHS following basic IT security best practice".

The new unit will be initially tasked with protecting the systems proactively, by hunting down vulnerabilities in NHS Digital's network, then searching for weaknesses in individual hospitals' cyber defences if necessary.

In another move to improve its effectiveness during major incidents, NHS Digital launched cyber security text alerts for its staff last week. It will be used by cybersecurity response team CareCERT can update staff members during high level attacks. ®

The NHS has pointed out that the "new investment will boost the existing services provided by NHS Digital in this space".