The document, released by Matt Hancock - Secretary of State for Health and Social Care, states that the move is necessary to protect network and IT systems used by the NHS from Cyber Actors that may attempt to take advantage of the coronavirus crisis.

The new provisions however are only temporary and will expire at the end of 2020. They are designed to extend the scope of the Computer Misuse Act 1990 in highlighting that the NHS (and any supporting service) must “consent to the disclosure, to GCHQ, of any information relating to the security of any network and information system held by or on behalf of the NHS or a public health body during the period ending on 31st December 2020".

When asked, a spokesperson for GCHQ’s National Cyber Security Centre (NCSC) said:

The measures are part of our ongoing commitment to protect health services during the coronavirus pandemic. These directions give us consent to check the security of NHS IT systems.

The directions do not give the agency access to patient data, and that NCSC has "no interest" in obtaining such information.

Spokesperson for GCHQ

The COVID-19 crisis has seen a large increase in the number of attacks of health services globally, including the NHS.

NCSC and the US Cybersecurity and Infrastructure Agency (CISA) put out a joint warning that that cyber crooks and advanced persistent threat (APT) groups are currently using a range of malware and ransomware to target individuals as well as businesses across the UK, US and other countries.