NHS England launch Cyber Security Charter

16 May 2025 12:50 PM

NHS England has announced the introduction of a Cyber Security Charter in an open letter addressed to all current, prospective and aspiring suppliers to the NHS.

The letter acknowledges the increasing sophistication of cyber threats, particularly the growing prevalence of ransomware attacks targeting NHS supply chains. The letter emphasised that as attackers become more advanced, the potential impact and severity of attacks also escalates, in response a coordinated response is needed from all partners.

The Cyber Security Charter outlines 8 core principles that suppliers are expected to meet. These principles include, the implementation of Multi-Factor Authentication (MFA) across suppliers’ systems and the execution of cyber response exercises at board level to ensure preparedness and resilience.

In recognition of this commitment, NHS England and the Department for Health and Social Care have made the following pledges:

To work collaboratively with suppliers in shaping national policies and regulatory frameworks that affect NHS supply chains.
To support NHS providers in making informed procurement decisions by improving their awareness of cyber security standards and the importance of working with security conscious suppliers.
To provide assistance to NHS organisations during cyber incidents and promote a Just Culture.

The full press release is available here and the open letter can be accessed here.

Cyber Resilience Programme activities

techUK brings together key players across the cyber security sector to promote leading-edge UK capabilities, build networks and grow the sector. techUK members have the opportunity to network, share ideas and collaborate, enabling the industry as a whole to address common challenges and opportunities together. Visit the programme page here.