1. Does your organisation adhere to the Network Security guidance outlined by the National Cyber Security Centre, within its ’10 Steps to Cyber Security’?

No – Royal Surrey County Hospital NHS Foundation Trust are creating process to comply with NSG

2. Do you ensure that security patches for critical vulnerabilities are routinely patched within 14 days, as recommended by the National Cyber Security Centre? The Royal Surrey County Hospital NHS Foundation Trust is withholding this information under Section 38 (Health and Safety) of the Freedom of Information Act. The Trust accepts that there is a public interest in how the public purse is spent. However, there is also a need to withhold any information that would compromise the safety of the Trust security team carrying out their role. Moreover, the disclosure of this information could encourage crime and could also put patients and staff at serious risk. In assessing the public interest, the Trust takes the view that Section 38 pertains to this request and that the public interest is best served by withholding the information.

3. Have you suffered from any service outages on your network in the last two years, however small?

Yes

4. Did any of these outages cause a loss, reduction or impairment to your organisation’s delivery of essential services?

Yes

5. Was the root cause of the service outage identified and confirmed – at the time or afterwards?

Yes

6. Is it possible that any service outages you have suffered in the last two years was caused by a cyber attack – such as ransomware, DDoS attack, or malware?

Yes

7. Are you aware that Distributed Denial of Service (DDoS) attacks are a significant contribution to service interruptions, outages and downtime?

Yes

©2018 Royal Surrey County Hospital

Log in with your credentials

Forgot your details?