NHS Digital’s first chief information security officer (CISO) has resigned just three months into the job, dealing a blow to efforts to improve cybersecurity across the UK’s health service.
In a memo to staff seen by HSJ, NHS Digital deputy CEO, Rob Shaw, said that Robert Coles’ departure was due to personal reasons and that a search for a replacement would begin immediately.
“We have enjoyed working with Robert, and his resignation is accepted with great regret,” he’s reported to have said. “I would like to personally thank him for the passion he brought to the role and the early progress he has made in developing the system-wide cyber-strategy.”
Coles only started his job as NHS Digital’s first CISO on October 1 with a daunting task ahead of him, given scarce funds and well-documented systemic cybersecurity challenges.
In fact, his role was only created after recommendations by NHS England CIO, Will Smart, following the infamous WannaCry ransomware attack of May 2017.
That attack is said to have cost the NHS £92m: £19m as a result of access to information and systems being unavailable, leading to cancelled appointments and £72m spent on extra IT support.
An estimated 19,000 operations and appointments were cancelled as a result of the ransomware-related outages, which caused disruption at a third of NHS England’s trusts and infected a total of 603 primary care and other NHS organizations, including 595 GP practices.
Despite his resignation, Coles is reportedly set to return to work as an independent consultant in the coming months.
“I am very sorry not to be able to continue in my role at NHS Digital,” he explained in the memo. “I have enjoyed working with the very talented and passionate cybersecurity team at NHS Digital and seeing the commitment to improving cyber-resilience across the health and care system.”
Coles is no stranger to high-profile jobs, having held similar positions at pharma giant GlaxoSmithKline, the National Grid and Merrill Lynch.