Former GlaxoSmithKline security chief Robert Coles has been named the new chief information security officer (CISO) at NHS Digital.
Coles, who has worked at the pharma company for four years in a similar capacity, will start with NHS Digital on 1 October.
He will be tasked with devising an organisation-wide cyber security strategy for NHS Digital and acting as point man in its organisational response to security incidents.
Prior to working at GlaxoSmithKline (GSK), Coles has held posts as CISO for the National Grid and investment bank Merrill Lynch during his 30-year career in information security.
Speaking on the appointment, Rob Shaw, deputy chief executive of NHS Digital, said: “We have listened to the recommendations made in the lessons learned review into last year’s WannaCry attack and acted on the commitment we made to the Public Accounts Committee to appoint someone to lead the national cyber and security agenda for health and care.
“Robert will build on the excellent work that the NHS Digital Data Security Centre has already done to reach out across the health and care to support improved cyber security across the system.
“Bringing Robert on board allows NHS Digital to continue to strengthen our relationship with the wider health and care sector, by ensuring we have the best expertise to protect them from cyber security threats.
“He brings a huge depth of experience and expertise to this role having worked across different sectors over the past three decades.”
NHS Digital began the hunt for an organisational cyber security lead in June.
An advertisement for the role published online appealed to candidates capable of overseeing the operation and development of NHS Digital’s national security operations centre.
Additional duties underlined in the ad included overseeing cyber security training for all staff up to board level, and strategising cyber-readiness tests for NHS organisation.
Likely to be one of Coles’ first tasks will be ensuring health and care organisations in England meet the minimum cyber security standards under the Cyber Essentials Plus (CE+) certification.
He could have his work cut out for him, in February, NHS Digital revealed that over 200 NHS trusts had fallen short of the government-mandated standards for cyber security.
Shaw said: “We are determined to ensure that cyber security becomes a priority right across the health and care from frontline staff all the way up to board level and believe Robert has the skills and knowledge to help us achieve this.”