24 April 2020
The Government has announced that the security of NHS (and other public health service) IT infrastructure is so important to handling the current national emergency that it has called in GCHQ to help.
"These directions enable the support and maintenance of cyber security of network and information systems held by or on behalf of the NHS or a public health body during the coronavirus (COVID-19) emergency. This power will last until 31 December 2020."
This means that GCHQ is authorised to undertake any activities
"... for the purpose of supporting and maintaining the security of any network and information system which - (a) is held by or on behalf of the NHS or a public health body, and (b) supports, directly or indirectly, the provision of NHS services or public health services intended to address coronavirus and coronavirus disease."
GCHQ will be authorised to help protect any
"... network and information system which indirectly supports the provision of services (and) includes a(ny) network and information system which may, if its security is impaired, affect (directly or indirectly) the ability of the NHS or a public health body to provide services to address coronavirus and coronavirus disease."
NHS and other public health bodies are also directed to
"... consent to the disclosure, to GCHQ, of any information relating to the security of any network and information system held by or on behalf of the NHS or a public health body during the period ending on 31st December 2020."
You can access the full text of the Security of NHS and Public Health Services Digital Systems Coronavirus Directions 2020 here.