Health Service Focus

01.10.18

Navigate your way to cyber resilience

Source: Advertisement feature

As the NHS celebrates its 70th birthday, Alan Calder, founder and executive chairman at IT Governance, looks at the urgent need for healthcare organisations to develop cyber resilience to protect patient data, manage data breaches and comply with new data protection legislation.

For the past year, the GDPR (General Data Protection Regulation) has been at the top of many organisations’ agendas, and since it came into effect in May, organisations have been waiting with bated breath for a precedent to be set for the consequences of non-compliance. This comes just as healthcare organisations face new compliance obligations in the DSP (Data Security and Protection) Toolkit and the NIS (Network and Information Systems) Regulations 2018.

With several high-profile breaches recently hitting the press and the devastating effect that poor information security practices can have on patients, now is the time for healthcare providers to critically evaluate their information security posture and look at the measures they have in place to mitigate a data breach. These two objectives can be achieved with an effective cyber resilience programme.

What is cyber resilience?

The goal of cyber resilience is to provide the best defence against cyber-attacks and ensure that your organisation can survive should a breach occur.

The first phase of a cyber resilience programme is to identify, assess and manage the risks associated with an organisation’s network and information systems, including those across the supply chain.

The next phase is to build a capacity around incident response and business continuity management. These response and recovery measures will help you take the necessary steps to minimise the impact of an attack.

Why is cyber resilience important to me and my organisation?

Healthcare organisations are an attractive target for cyber criminals. The wealth of data available and the perception that poor data protection practices are employed have made healthcare and health science the most breached industry globally, according to IT Governance’s list of data breaches in 2017.

Cyber resilience can help protect your organisation from becoming the next breach statistic and demonstrate to stakeholders that your organisation understands its responsibility for keeping information safe. An effective cyber resilience programme can also help organisations demonstrate compliance with regulations such as the GDPR and the NIS Regulations, and industry-specific frameworks such as the DSP Toolkit. Compliance with these is mandatory.

If I am cyber resilient, does that mean I can’t be breached?

In short, no. Cyber threats are always evolving, and even the best defences can’t always protect you from a previously unknown threat. However, a cyber resilience programme does help you implement the most appropriate security measures to reduce the risk of a breach.

If a breach does occur, it is important to take the right steps to limit the damage. Under the GDPR, organisations are required to report certain data breaches to the ICO (Information Commissioner’s Office) within 72 hours of becoming aware, which involves several detailed steps. A cyber resilience programme can help you put breach reporting into the context of a broader response and recovery process, which further demonstrates your organisation’s commitment to reducing harm to data subjects. It can also help you ringfence mission-critical services that will help you maintain business as usual in the event of a cyber-attack.

What does cyber resilience cost?

A cyber resilience programme doesn’t have to be an expensive project. In reality, an effective programme can help you to prioritise and manage spending, and prevent duplicated work when addressing multiple challenges.

An effective cyber resilience programme should also help you to identify and fill security gaps, help to contain a breach more quickly and allow recovery to full function sooner, all of which reduce costs.

There is no ‘one-size-fits-all’ solution, so once you understand your position, you can choose the solution that fits your organisation.

Cyber resilience and compliance frameworks

The NIS Regulations came into effect on 10 May 2018 and aim to achieve a robust level of cyber resilience for OESs (operators of essential services) and digital service providers in the UK. Most healthcare organisations are required to comply.

The DSP Toolkit superseded the IG (Information Governance) Toolkit as the standard for cyber and data security for healthcare organisations and their partners. All organisations that access the HSCN (Health and Social Care Network) must comply by 31 March 2019.

To help you meet the compliance demands facing healthcare, IT Governance has developed a series of free resources, including the ‘DSP Toolkit and NIS Regulations: The impact for healthcare organisations’ green paper. It identifies the scope and requirements of both compliance frameworks and discusses how organisations can plan and coordinate their compliance projects.

FOR MORE INFORMATION:

E: health@itgovernance.co.uk

T: +44 (0)333 800 7000

W: www.itgovernance.co.uk/healthcare

 
