Internal Reference Number: FOI_8685
Date Request Received: 03/06/2025 00:00:00
Date Request Replied To: 10/06/2025 00:00:00
This response was sent via: By Email
Request Summary: Cyber Security Incidents and Measures (FY22–FY25)
Request Category: Companies
| Question Number 1: I am writing to request information under the Freedom of Information Act 2000 regarding the cyber security of your NHS Trust, specifically relating to incidents and the current measures in place to mitigate such threats. Ransomware incidents (FY2022–FY2025) Please confirm whether any digital systems within hospitals managed by your NHS Trust were affected by ransomware attacks during the financial years 2022–2023 through to 2024–2025 (inclusive). If yes: • How many separate ransomware incidents occurred within this period? • For each incident, please provide: o The date or month of occurrence o A brief description of the nature of the attack (e.g. type of ransomware, point of system entry, services impacted) | |
| Answer To Question 1: Please see exemption notice attached | |
| Question Number 2: Data breaches following cyber incidents (FY2022–FY2025) Were any data breaches reported as a result of ransomware or other cyber incidents during this period? If yes, please provide for each breach: • The type(s) of data affected (e.g. patient records, staff information) • The specific impacts of each breach, categorised as follows (where applicable): o Loss of patient data o Loss of staff data o Disruption to patient services (please specify which services, if known) o Disruption to operational processes o Financial impact (e.g. cost of recovery, penalties, compensation, etc.) o Other impacts – please specify | |
| Answer To Question 2: Please see exemption notice attached | |
| Question Number 3: . Current cyber security measures (as of date of request) Please list all cyber security measures and protocols currently in place across the Trust. These may include, but are not limited to: • Cyber insurance (including provider and coverage if available) • Internal and external firewall systems • Use of multi-factor authentication (MFA) for user accounts • Access control systems for sensitive data and critical systems • Anti-virus and anti-malware protection • Cyber security training or awareness programmes for employees • Regular penetration testing or security audits (please specify frequency) • Existence and status of an incident response plan (e.g. last updated date) | |
| Answer To Question 3: Please see exemption notice attached | |
| To return to the list of all the FOI requests please click here |
Our staff at SA¹ú¼Ê´«Ã½ Hospital have long been well regarded for the quality of care and treatment they provide for our patients and for their innovation, commitment and professionalism. This has been recognised in a wide range of achievements and it is reflected in our award of NHS Foundation Trust status. This is afforded to hospitals that provide the highest standards of care.
