The powers of the UK security and intelligence organization have been extended to access information from NHS computer systems.
The seat of government communication (GCHQ) was granted additional powers by former health secretary Matt Hancock in April 2020 to allow the organization to request anything “related to the security of any network and information system.”
The powers were supposed to remain in force until December 2020, but they were extended and since then they have been extended again until December 31, 2021.
A direction, signed by the Secretary of Health, states during the Covid-19 crisis that “the network and information systems maintained by the NHS in England or on its behalf, or those bodies providing public health services in England, have to be protected to ensure these systems continue to operate to support the provision of services intended to treat coronavirus ”.
The attempt to strengthen cybersecurity during the pandemic allows the GCHQ to request information from or on behalf of the NHS and supports the provision of NHS services related to coronavirus for the purpose of “supporting and maintaining the security of any network and information system ”.
The competencies also cover information networks and systems that, if their security is impaired, affect the NHS’s ability to provide Covid-19 services.
A spokesman for the National Cyber Security Center confirmed that there had been no changes in the instructions given to GCHQ since the powers were granted in April 2020.
“This is part of our ongoing commitment to protect health services during the coronavirus pandemic,” they said.
“We do not wish to receive patient data and the instructions do not seek to authorize it.”