asked Her Majesty's Government:

In respect of the Department of Health, (a) on how many occasions in the last year malicious programs have compromised departmental computer systems; and, for each occasion, how many machines were affected; how long it took to remove the programs from the system; and what was the impact on the department's activities; (b) what penetration tests have been carried out of information systems over the last year and what were the results, indicating in each instance whether the tests were carried out independently of the providers of the system concerned; and (c) on how many occasions in the last year the departmental management team has considered information risk. [HL2439]

In the past year there have been no reported instances of malicious programs, such as computer viruses and worms, compromising the department's computer systems.

The department does not normally comment on security matters.

The department follows Treasury advice on risk management, and the departmental board regularly considers the high-level risk register.