FOI.1431 - Cyber Attacks
FOI Reference Number:
1431
Request
How many cyber-attacks (incidents) did your organisation experience in the last 3 years?
If these statistics are available within the cost limit, how many of those incidents involved a) Malware b) Ransomware c) Hacking d) Phishing emails
How many incidents over the last 3 years were reported to the Department of Health and Social Care, whether under the Security of Network and Information Systems Regulations 2018, or otherwise?
How many incidents over the last 3 years resulted in a notification to the Information Commissioner’s Office?
How many incidents over the last 3 years were reported to both DHSC and the ICO?
Response
Date: 23 June 2021
FREEDOM OF INFORMATION – DECISION NOTICE
Dear Sir / Madam,
FOI Reference Number: 1431
I refer to your email of 24 May 2021 requesting information in respect of cyber attacks.
I can confirm on behalf of Derby and Derbyshire CCG, and in accordance with S.1 (1) of the Freedom of Information Act 2000 (FOIA) that we do hold the information that you have requested. A response to each element of your request is detailed below:
Please find below a request made under the FOI Act.
- How many cyber-attacks (incidents) did your organisation experience in the last 3 years?
We currently employ a multi-layer approach to security with a high number of access requests being picked up by our perimeter security, but we are unable to discriminate how many of these may be from bad actors, incorrect passwords, etc. Consequently we are unable to give an indication of numbers. - If these statistics are available within the cost limit, how many of those incidents involved a) Malware b) Ransomware c) Hacking d) Phishing emails
We do not hold this information. - How many incidents over the last 3 years were reported to the Department of Health and Social Care, whether under the Security of Network and Information Systems Regulations 2018, or otherwise?
2018/19: Nil.
2019/20: Nil.
2020/21: 1 incident was reported to the ICO. - How many incidents over the last 3 years resulted in a notification to the Information Commissioner’s Office?
1 incident. - How many incidents over the last 3 years were reported to both DHSC and the ICO?
Nil.
I hope that this answers your queries with the information we currently hold, but if I can be of any further assistance please do not hesitate to contact me.
If you are dissatisfied with the handling of your request, you have the right to ask for an internal review. Internal review requests should be submitted within two months of the date of receipt of the response to your original letter and should be addressed to:
NHS Derby and Derbyshire CCG
FOI Team
Scarsdale
Nightingale Close
Newbold
Chesterfield
S41 7PF
Or:
If you are not content with the outcome of our review, you may apply directly to the Information Commissioner for a decision. Generally, the ICO cannot make a decision unless you have exhausted the complaints procedure provided by the CCG.
The Information Commissioner can be contacted at: Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, telephone 0303 123 1113, email casework@ico.org.uk.
Yours faithfully,
Kathryn Jacklin
FOI Officer
Derby and Derbyshire CCG
All information we have provided is subject to the provisions of the Re-use of Public Sector Information Regulations 2015. Accordingly, if the information has been made available for re-use under the Open Government Licence (OGL) a request to re-use is not required, but the licence conditions must be met. You must not re-use any previously unreleased information without having the consent from the CCG. Should you wish to re-use previously unreleased information then you must make your request in writing (email will suffice) to the FOI Lead via ddccg.foi@nhs.net. All requests for re-use will be responded to within 20 working days of receipt.
