The must-read stories and debate in health policy and leadership.

With the ever-increasing digitisation of the NHS, it is important that good cyber security is front and centre of health chiefs’ minds.

But HSJ research shows at least half of integrated care systems do not yet have cyber security plans or strategies in place to mitigate the impact of unfriendly attackers online.

This is not (yet) in contravention of any rules or obligations. NHS England’s What Good Looks Like framework requires integrated care systems to have such plans in place, but not until 2025. 

However, as the King’s Fund analyst Pritesh Mistry pointed out, cyber attacks are “constantly evolving” and can cause widespread disruption to patient care.

Although ICSs only became statutory in July this year, they have been evolving since 2016 – when they were first launched as sustainability and transformation partnerships.

Six years on, is it too much to ask that these health economies prioritise some time to put in place potentially crucial defences against an increasingly dangerous risk to the NHS?

Having system-wide plans may not prevent attacks on individual suppliers, but they might help mitigate the impact and hasten the recovery process.

Signed, sealed, not delivered

NHS England is cracking down on trusts and systems that are looking to revise their financial forecasts mid-year.

According to documents marked “confidential”, seen by HSJ, NHS England has set out a new protocol that includes a requirement for integrated care board sign-off for all trusts wanting to spend over £50,000.

Systems wanting to spend over £100,000 must look for regional NHSE finance and any financial plans may be subject to a review with a neighbouring provider, with an added warning that, “an overspend by one provider will need to be compensated for by other providers”.

This is surely not a surefire way of fostering good local relationships, something highlighted by NHS Providers’ Saffron Cordery who said it was crucial anything underpinning forecast revisions supported collaborative working.

Response to this protocol has broadly been critical, with NHS Confed describing it as a “backwards step” and adding that NHS leaders want to ensure vital expenditure is not held up by sign-off delays.

Other criticisms include fears that the new measures will add pressure to exec teams, with leaders expressing doubt the new rules just won’t work.

The thinking behind this protocol is unclear but it seems to be adding another layer of bureaucracy at a time when leaders are stretched beyond measure.

Also on hsj.co.uk today

Replying to criticism of the NHS Graduate Management Training Scheme, Raihan Mohammed explains in a comment piece why his experience of the programme has been overwhelmingly positive. And in his weekly column, Julian Patterson says that in the wake of the nurses’ ballot, and as fears of further unrest rock the health service, another vital group of public servants could be about to down tools. Find out who…