NHS cyber-attacks

The request was partially successful.

Dear Dudley Integrated Health and Care NHS Trust,

Please find below a request made under the FOI Act.

How many cyber-attacks (incidents) did your organisation experience in the last 3 years?

If these statistics are available within the cost limit, how many of those incidents involved a) Malware b) Ransomware c) Hacking d) Phishing emails

How many incidents over the last 3 years were reported to the Department of Health and Social Care, whether under the Security of Network and Information Systems Regulations 2018, or otherwise?

How many incidents over the last 3 years resulted in a notification to the Information Commissioner’s Office?

How many incidents over the last 3 years were reported to both DHSC and the ICO?

Thank you in advance for your time.

Yours faithfully,

Nicholas Donovan

FREEDOM-OF-INFORMATION (DUDLEY INTEGRATED HEALTH AND CARE NHS TRUST), Dudley Integrated Health and Care NHS Trust

Dear Nick,

FOI21-5517 Request regarding cyber attacks
Thank you for your Freedom of Information request we are now investigating the nature of the search and the quantity of information requested. Under the terms of the Freedom of Information Act it is expected to respond to requests in 20 working day.

Please be aware there are a number of exemptions within the Act which could stop the release of information. The information will be assessed for these exemptions prior to us releasing the information to you. We will advise you if we are unable to provide the information requested and will confirm the exemption used.

In addition to this, please note that there may be a cost associated to your request in line with section 12 of the Act. If there is a cost associated with your request we will contact you and explain the cost.

In accordance with section 12 of the Freedom of Information Act 2000 where multiple requests for information are received from one person or by different persons who appear to be acting in together in a single campaign the estimated cost of complying with any of the requests is to be taken to be the estimated total cost of complying with all of them. To this effect your requests for information will be dealt with under the single reference number above.

If you have any queries I would be grateful if you would contact me so that we can discuss the issues. Details of the complaints procedure will be sent to you should you wish to see them. Please remember to quote the reference number above in any future communications.

If you are not content with the outcome your complaint, you may apply directly to the Information Commissioner for a decision. Generally, the ICO cannot make a decision unless you have exhausted the complaints procedure provided by the Trust. The Information Commissioner can be contacted at: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Yours sincerely

Information Governance Team
Email: [DIHC request email]
Tel: 0121 612 8017
Dudley Integrated Health and Care NHS Trust

show quoted sections

FREEDOM-OF-INFORMATION (DUDLEY INTEGRATED HEALTH AND CARE NHS TRUST), Dudley Integrated Health and Care NHS Trust

 FOI21-5517

Thank you for your recent Freedom of Information request on the above
subject. We have completed our search for information and the details are
as follows:

 

Please find below a request made under the FOI Act.

 

 

How many cyber-attacks (incidents) did your organisation experience in the
last 3 years?

The service is provided under SLA via Dudley Group NHS FT and therefore we
ask you forward your request directly to them as any attacks would be
within the Dudley Group Network.

 

 

If these statistics are available within the cost limit, how many of those
incidents involved a) Malware b) Ransomware c) Hacking d) Phishing emails:

 

The service is provided under SLA via Dudley Group NHS FT and therefore we
ask you forward your request directly to them as any attacks would be
within the Dudley Group Network.

 

 

How many incidents over the last 3 years were reported to the Department
of Health and Social Care, whether under the Security of Network and
Information Systems Regulations 2018, or otherwise? None

 

 

How many incidents over the last 3 years resulted in a notification to the
Information Commissioner’s Office? None

 

 

How many incidents over the last 3 years were reported to both DHSC and
the ICO? None

 

The full Freedom of Information Act 2000 is available on the legislation
website via the following link:
[1]http://www.legislation.gov.uk/ukpga/2000.... The Trust is
regarding this response as a full and complete discharge of its
responsibilities under the Freedom of Information Act 2000 in relation to
this request. I trust it fulfils your requirements but should you have any
concerns please do not hesitate to contact me and I will attempt to
resolve your issues.

 

In the event you pursue a complaint/investigation and are not content with
the outcome, you have the option to apply directly to the Information
Commissioner for a decision. Generally, the ICO cannot make a decision
unless you have exhausted the complaints procedure provided by the Trust.
The Information Commissioner can be contacted at: The Information
Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9
5AF.

 

Yours sincerely

 

Information Governance Team

Email: [2][DIHC request email]

Tel: 0121 612 8017

Dudley Integrated Health and Care NHS Trust

 

show quoted sections