NHS England has written to CEOs of suppliers to the NHS to "highlight the
growing and ever-changing cyber security threat level that we collectively face".

In the letter, the authors warn of an increasing frequency and severity of incidents, and highlight ransomeware attacks on the supply chain in recent years.

NHS England is asking suppliers to ensure their systems are kept in support and have the latest patches applied to address known vulnerabilities.

Suppliers are asked to apply Multi-Factor Authentication (MFA) to their own networks and systems and deploy effective 24/7 cyber monitoring.

The letter asks suppliers to commit to being an outstanding and trusted partner to the NHS, by signing up to the public charter on cyber security good practice.

NHS England is developing tools that providers can use to identify their critical suppliers to carry out appropriate assurance.

They are also reviewing the contractual frameworks that NHS organisations use to enter contracts, so they have the appropriate security schedules and expectations are clear.

The letter is signed by Phil Huggins (national chief information security officer for health and care, Department of Health and Social Care), Mike Fell (director of cyber 
operations, NHS England), and Vin Diwakar (national director of transformation, NHS England).

They said: "We will continue to engage with suppliers on our work and policies, which will include issuing further communications including details of the upcoming charter and future engagements.

"We are grateful for your support on this important issue."