Liz Kendall, science secretary (Credit: Alecsandra Dragoi / Department for Science, Innovation and Technology)
New laws have been introduced in Parliament to help protect the NHS and other sectors from the threat of cyber attacks.
The Cyber Security and Resilience Bill is intended to improve UK cyber defences and prevent attacks similar to the Synnovis ransomware attack in June 2024, which disrupted NHS services in London and contributed to a patient death.
Around 1,000 service providers will fall within the scope of the measures, which will require third-party suppliers to boost their cyber security in areas such as risk assessment to minimise the possible impact of cyber attacks and improve their data protection and network security defences.
Liz Kendall, science, innovation and technology secretary, said: “Cyber security is national security. This legislation will enable us to confront those who would disrupt our way of life. I’m sending them a clear message: the UK is no easy target.
“We all know the disruption daily cyber attacks cause. Our new laws will make the UK more secure against those threats.
“It will mean fewer cancelled NHS appointments, less disruption to local services and businesses, and a faster national response when threats emerge.”
The Cyber Security and Resilience Bill was presented to Parliament on 12 November 2025 after first being announced in the King’s Speech in July 2024.
Plans for the Bill, published in April 2025, included proposals requiring more organisations and suppliers, including data centres, managed service providers and critical suppliers, to meet robust cyber security requirements.
Under the Bill, regulators will have more tools to improve cyber security and resilience in the areas they regulate. Organisations will be required to report more incidents to their regulator and the National Cyber Security Centre (NCSC) within 24 hours, with a full report within 72 hours.
The technology secretary will also get new powers to instruct regulators and the organisations they oversee, such as NHS trusts, to take specific, proportionate steps to prevent cyber attacks where there is a threat to UK national security.
This includes requiring that they strengthen their monitoring or isolate high-risk systems to protect and secure essential services.
Commenting on the new legislation, Jill Popelka, chief executive at British cyber security firm Darktrace, said: “We’ve seen cyber attackers increasingly target supply chains and managed service providers in recent years, including vital institutions like the NHS and the Ministry of Defence.
“It’s promising to see the Bill recognise the risk across the digital ecosystem. It’s also good to see the government’s focus on future-proofing the regulatory environment for cyber security and creating a stronger role for NCSC’s Cyber Assessment Framework.
“These changes will help give organisations more confidence to adopt new technologies while staying prepared for the next evolution in threats.”
Meanwhile, following an investigation into last year’s cyber attack, Synnovis is contacting NHS organisations which had data stolen, including patient names, NHS numbers and test results.
Cyber security expert Saif Abed, founding partner at the AbedGraham Group, has called for a public inquiry into the attack and urged NHS leaders to write to MPs requesting an investigation into NHS cyber security and patient safety.


