First NHS Digital information security officer resigns after three months

NHS Digital’s first information security officer has resigned just three months in the role. The role was established after the WannaCry ransomware attack that took place affected computers worldwide in May 2017.

According to National Health Executive, in a memo to staff, it was announced that Robert Coles would be stepping down from the role for personal reasons.

Mr Coles, the former security chief at GlaxoSmithKline (GSK) started the new job in October. Cole was tasked with devising an organisational-wide cyber security strategy for NHS Digital in the wake of incidents like WannaCry.

Deputy chief executive Rob Shaw told staff that the resignation was “accepted with great regret” and personally thanked him for the “passion he brought to the role” and the progress he made in developing the system-wide cyber strategy.

Mr Coles commented on his departure from the role: “I am very sorry not to be able to continue in my role at NHS Digital. I have enjoyed working with the very talented and passionate cyber security team at NHS Digital and seeing the commitment to improving cyber resilience across the health and care system. “I wish everyone involved in building greater cyber resilience in the NHS the very best as they take this critical work forward.”

NHS Digital created the CISO role as a result of one of the key recommendations of the ‘lessons learned’ report produced by NHS England chief information officer Will Smart following the attack in May 2017.

The large scale attack was from the new family of ransomware called WannaCryptor which resulted in severe disruption of more than 80 hospitals and 8% of GP practices. Figures revealed by the Department of Health and Social Care showed a total cost of £92m to the NHS due to lost services and IT support used to restore systems and data in the aftermath.

Mr Shaw told staff that they would find a replacement immediately to ensure the “cyber security agenda continues to be key for NHS Digital and for the organisations we support.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.