1. How many cyber-attacks has your organization been subjected to over the past five years? Please can you break this down by year.
2. Which types of cyber-attacks was your trust subjected to over the past five years, i.e. DDoS, SQL injection, phishing. Please can you break this down by year.
3. Has there been loss of data in any of the cyber attacks? If so, what type of data was breached (i.e. Personal Identifiable Information, intellectual property, etc.)
The Royal Surrey County Hospital NHS Foundation Trust is withholding the requested information under exemption Section 24 (1) – National Security of the Freedom of Information Act. Section 24 is a qualified exemption and the Trust is required to assess as objectively as possible whether the balance of public interest favours disclosing or withholding the information. The Trust acknowledges that there is a general public interest in disclosure. However, the view of the Trust that Section 24 exemption pertains to the above questions is based on the judgement that by providing the specific details requested would highlight information which could be used to exploit any vulnerabilities which, in turn, could potentially endanger national security.