Cyber security in NHS trusts

Source: NHE Jul/Aug 16

Dan Taylor, head of cyber security at the Health and Social Care Information Centre (HSCIC), soon to be NHS Digital, discusses the importance of cyber security and the development of CareCERT.

Many of you may be thinking that this piece isn’t for you, because you aren’t an IT professional. You would be wrong, and this perception is the single biggest threat to keeping health information safe and secure. Good cyber security is the responsibility for every member of staff in an organisation, and good ‘cyber hygiene’ is as important and can be as simple as good hand hygiene in an NHS organisation. 

The move to electronic records, the digitisation of patient services and the advent of technology-enabled care has saved time and resources for the NHS, and has huge potential to play a key role in delivering excellent patient care in the future. But alongside the benefits of digitisation there are risks, and with risks come responsibilities. These responsibilities aren’t just for your IT or security team, they belong to every member of staff in your organisation. 

Cyber security starts on the frontline 

Effective security has to start with people. Estimates vary, but official figures from HSCIC show that around 1.3 million people work within health, the vast majority of those delivering care. 

Security starts on the frontline, not in the IT department. Does everyone have basic training in cyber security? Do they understand their personal responsibility to keep data safe? This ‘cyber hygiene’ includes simple things such as keeping passwords safe and changing them regularly; never letting anyone other than the named person use a Smartcard; not clicking on unverified links; keeping mobile devices safe and secure; and ensuring that individuals log off or lock screens when they move away from a device. 

So if cyber security is so important to the NHS, what is happening at the centre to support organisations to practice what I am preaching? 

CareCERT support 

CareCERT Broadcast is an HSCIC service that gathers known threats and intelligence and broadcasts them appropriately across health and care organisations, along with advice about how to mitigate those threats. This enables organisations to make informed decisions about protectively fixing vulnerabilities before they become an issue. 

CareCERT Broadcast has been live for many months now [NHE reported on this in the Jan/Feb 2016 issue] and we’ve received useful feedback about other cyber services the sector would like to see us provide. As a result, CareCERT Broadcast will soon have some cyber siblings including CareCERT Assure; a set of CareCERT training modules; and a range of other services to be announced later this year.

CareCERT Assure will allow health and care organisations to take a free assessment of their cyber strengths and weaknesses. We want to use our experience to learn lessons on behalf of the sector, benchmark what good looks like and then share that, whilst also helping individual organisations to pin-point areas for improvement and investment, maximising the limited resources available. 

We are also in beta testing for a national cyber security training platform. This will cover a number of basic areas for all staff and a second, more complex module, will be available for specialist staff. Freely available to all health and care organisations, the training will enable organisations to develop colleagues, whilst ensuring our people form the first line of defence in securing information. 

CareCERT services will enable health and care organisations to benefit from the expertise at HSCIC, but without dictating a one-size-fits-all approach. Ultimately, the security of information is the responsibility of the organisation where it is held. We want to support organisations to safely look after that information, whilst allowing them to make appropriate local decisions about what works for their individual needs.

Tell us what you think – have your say below or email


Rick Gray   19/08/2016 at 08:14

My name is Rick Gray, I'm Head of Cyber Security for CSI Ltd. Charles Lilley (Head of Health Services) for CSI Ltd and myself have recently provided help to multiple NHS Trusts throughout the UK. I read the article this morning and its great to see Dan has created something educational for the NHS to use. We too often find deploying security tools which is necessary as prevention is not enough. Education is the key and one of the hardest areas in cyber security prevention, great to see Dan's created a collaboration of information to share.

Add your comment


national health executive tv

more videos >

latest healthcare news

NHSE: Trusts must urgently develop leaders to drive digital innovation

26/07/2017NHSE: Trusts must urgently develop leaders to drive digital innovation

The NHS needs to urgently develop leaders to help drive forward the implementation of digital technology in the health service, a leading figure ... more >
Doctors call for alcohol pricing reform to cut £17bn NHS drinking cost

26/07/2017Doctors call for alcohol pricing reform to cut £17bn NHS drinking cost

Doctors have this week called for the introduction of minimum unit pricing on alcohol in the UK after it was revealed that drink could kill 63,00... more >
Manchester mental health to be transformed by £134m fund

26/07/2017Manchester mental health to be transformed by £134m fund

Health authorities in Manchester have this week launched an enormous £134m action plan to transform mental health care in the area. Th... more >
681 149x260 NHE Subscribe button

the scalpel's daily blog

Is it right to label antidepressants ‘a prescription for murder’?

26/07/2017Is it right to label antidepressants ‘a prescription for murder’?

As the stigma about mental health decreases and more come forward to be treated for various illnesses, the number of antidepressants that are prescribed to sufferers will be set to increase. But tonight, the BBC will air a documentary arguing that Selective Serotonin Reuptake Inhibitors (SSRIs) could have some dangerous side effects. The Panorama will say that SSRIs, including commonly prescribed drugs like Prozac and Seroxat, whic... more >
read more blog posts from 'the scalpel' >


A new approach to talent management

25/07/2017A new approach to talent management

Martin Hancock, national lead for talent management at NHS Leadership Academy, and Gill Rooke, the organisation’s senior operations manager... more >
Enabling greater integration through ACSs

25/07/2017Enabling greater integration through ACSs

At this year’s NHS Confed, Simon Stevens revealed the first wave of accountable care systems (ACSs). NHE speaks to Ian Dodge, the director ... more >
How NHS organisations can protect themselves against cyber crime

25/07/2017How NHS organisations can protect themselves against cyber crime

On 12 May, a global cyber-attack occurred on an unprecedented scale. It affected organisations across the globe and, though it did not specifical... more >
Working collectively to improve cancer outcomes for patients

20/06/2017Working collectively to improve cancer outcomes for patients

Last year, the cancer vanguard established the Pharma Challenge. Rob Duncombe, pharmacy director at the Christie NHS FT, gives NHE an update on t... more >

last word

A clear strategy for change is needed for health and social care

A clear strategy for change is needed for health and social care

Nigel Edwards, CEO at the Nuffield Trust, argues that it would be a lost opportunity if the next government does not seek to put both health and social care funding on a more sustainable footing.... more > more last word articles >

editor's comment

13/06/2017Tackling the major challenges facing the NHS

As you will have gathered from the front cover, a theme that runs throughout this edition of NHE is about empowering and involving the workforce in order to deliver innovative change across the system.  Professor Jane Dacre, president of the Royal College of Physicians, highlights on page 16 the importance of sustainability and trans... read more >

health service focus

Data explosion and ageing population meet in the hospital

25/07/2017Data explosion and ageing population meet in the hospital

Eran David, chief technology officer of iMDso... more >
Get ready to do it all over again

25/07/2017Get ready to do it all over again

NHE hears from Jim Mackey and Lord Carter of ... more >