Health Service Focus

21.01.16

Tackling cyber security collectively

Source: NHE Jan/Feb 16

Dan Taylor, programme head of cyber security at the Health and Social Care Information Centre, explains how a co-ordinated approach is being developed to tackle cyber security across the health and social care system.

Tackling the growing threat of cyber security across the health and social care sector will require more investment in frontline staff as well as new processes, NHE has been told. 

Back in September 2015, the Health and Social Care Information Centre (HSCIC) announced that from January this year a Care Computer Emergency Response Team (CareCERT) would go live.

The CareCERT service, commissioned by the Department of Health, aims to offer advice and guidance to organisations to help them respond effectively to cyber threats. It consists of three key services: a national cyber security incident management function; issuing national level threat advisories, for immediate broadcast to organisations across the health and social care sector; and publishing good practice guidance on cyber security for the health and social care system. 

NHE caught up with Dan Taylor, programme head of cyber security at HSCIC, to discuss the development of the project and what it aims to achieve in the coming year. 

Early developments 

We were told that HSCIC and project partner BT have spent the last few months focusing on developing HSCIC’s contact database, and on how it broadcasts its advice messages and guides. 

Taylor said: “At the end of October, we achieved a contact database, and we agreed a scope with organisations which we were going to contact in the initial phase. They were who you would expect: NHS trusts, GPs, partnerships, local authorities, social care and those types of organisations. 

“Within those organisations we then got named contacts who were the IT or security specialists. We now have 95% of contacts across these organisations, which means for the first time we have got a way to broadcast information to people at the heart of health and social care.” 

As part of a phased implementation process, the team has now started emailing their CareCERT cyber security bulletins and alerts direct to staff on a regular basis, informing organisations about cyber security vulnerabilities, mitigating risks, and reacting to cyber security threats and attacks. 

Taylor added that the project’s implementation is still a “learning process” and the CareCERT team, made up of a small number of HSCIC and BT analysts, is looking to “optimise and add value” after receiving feedback from its customers. 

Contacting customers 

Commissioning support units (CSUs) are generally responsible for IT security for many GP surgeries, which are often too small-scale to have the level of expertise required themselves. NHE asked Taylor how HSCIC’s emailing campaign had been received by these various organisations, and whether that trend looks set to change. 

He said: “We are actually doing some work at the moment with GPs, CSUs and CCGs. We are broadcasting to all CCGs, CSUs and GPs together. Part of the engagement work I talked about earlier is what the preferences are for GPs, and who takes responsibility. At the moment I think it is fair to say that many GPs are contacting CCGs and CSUs to ask for guidance. 

“But because we are broadcasting to CCGs and GPs, everyone is at the same level of understanding. The CCGs know that the GPs are going to come to them, the GPs have an idea of what their threat profile might be, but the one thing we are working through now is what is the most efficient [communication] route. Is it to work directly with the CCGs, who then contact the GPs? Or should it be sent to everyone? 

“I think we’ll have a handle on that by the end of the financial year.” 

But North of England Commissioning Support (NECS) recently told GP surgeries that it had requested (with the agreement of CCGs) that the HSCIC stops emailing the CareCERT alerts direct to GP practices, because it is “managing these proactively on your [GPs’] behalf”. 

NECS said its own IT security team receive the communications from HSCIC and they are “proactively assessed as soon as they are received”. 

“If there is any appropriate action that needs to be taken as a result of these communications, please be assured that NECS will communicate these out as soon as possible to all affected customers,” said the organisation. “Just as an example, two out of the last three CareCERT alerts were for vulnerabilities in third party products that we do not even have on any devices across our entire IT estate (McAfee Security Manager & Juniper ScreenOS) – so no action was required.” 

Value of aggregation 

But Taylor told us that one of the key benefits of CareCERT is that there is value in the “aggregation of information”. 

“One of the key things that CareCERT has delivered for us is the idea that if we see something in one area – a threat profile or something that has been developed within a trust – we take that learning and can broadcast that out,” he said. 

“If you can tackle problems, such as malware threats, before they happen it means we can learn as we go and benefit from a greater level of protection.” 

e-learning investment 

HSCIC is procuring a national online training platform for dealing with cyber security, accessible for all health and social care practitioners. 

“We need to focus and invest in our people,” said Taylor. “There is often a focus on technology [to fight cyber threats] and it is actually the people processing technology.” 

He added that the 1.3 million people who make up the NHS workforce are the “first line of protection” against cyber threats. Taylor also hopes that by offering training to staff then there will be greater protection across the system. 

“That training platform is being procured now and will be brought online in a test-phase,” he said.

The e-learning will feature courses aimed at different people within an organisation. For instance, there will be modules for everyone looking to improve cyber security; more technical courses for IT professionals; and a board-level module, which looks at what the responsibilities are of responsible owners. Although HSCIC would not give exact dates for the roll out of the programme, Taylor said: “We fully intend to deliver the training platform in the financial year 2016-17.” 

Gold standard 

Over the next year, the HSCIC team will improve and optimise the services within CareCERT. “One of the big things for us next year is to ensure that CareCERT gets seen as the ‘brand of recognition’: that if you have something from CareCERT, such as an alert, it is seen as the gold standard, and is something to take note of. There are a lot of falsehoods in cyber security, so having that trusted brand is quite important.” 

HSCIC added that engagement with NHS and social care organisations has played a major part in the development of CareCERT, and will continue to do so. “It is very important to understand what they want,” said Taylor. “CareCERT allows NHS organisations to benefit from a level of security expertise that they might not have on the ground, and the advisories can give them the information they are not going to get any other way. 

“There isn’t going to be a security professional in every GP surgery, so hopefully they [the alerts and guides] should add real value very quickly.”

Tell us what you think – have your say below or email opinion@nationalhealthexecutive.com

 

Comments

There are no comments. Why not be the first?

Add your comment

 

national health executive tv

more videos >

latest healthcare news

RCGP: Comprehensive plan for handling winter pressures ‘vital’

14/07/2020RCGP: Comprehensive plan for handling winter pressures ‘vital’

With annual winter pressures and a potential second wave of the coronavirus risking coinciding, the Royal College of GPs (RCGP) has called f... more >
Manchester University NHS FT health innovation campus takes forward steps

14/07/2020Manchester University NHS FT health innovation campus takes forward steps

A world-leading health innovation and precision medicine campus being established in Manchester, as part of a joint venture between Manchester Un... more >
NHS Confederation partner in new report to level up health in Yorkshire

14/07/2020NHS Confederation partner in new report to level up health in Yorkshire

NHS Confederation, Yorkshire & Humber Academic Health Sciences Network (AHSN) and Yorkshire Universities have combined their expertise to pub... more >

editor's comment

26/06/2020Adapting and Innovating

Matt Roberts, National Health Executive Editorial Lead. NHE May/June 2020 Edition We’ve been through so much as a health sector and a society in recent months with coronavirus and nothing can take away from the loss and difficulties that we’ve faced but it vital we also don’t disregard the amazing efforts we’v... read more >

last word

Haseeb Ahmad: ‘We all have a role to play in getting innovations quicker’

Haseeb Ahmad: ‘We all have a role to play in getting innovations quicker’

Haseeb Ahmad, president of the Association of the British Pharmaceutical Industry (ABPI), sits down with National Health Executive as part of our Last Word Q&A series. Would you talk us th... more > more last word articles >

the scalpel's daily blog

NHS at 72: Managing mental health services going forward

03/07/2020NHS at 72: Managing mental health services going forward

Sean Duggan, Chief Executive of the Mental Health Network Let’s take this opportunity to reflect on the amazing achievements of our health system over the past few months. But as we recognise the best of the NHS and its response to the Covid-19 crisis we must not forget that for mental health the peak has yet to come. Covid-19 has placed enormous pressure on the entire health and care system. Despite the very real hardships f... more >
read more blog posts from 'the scalpel' >

comment

NHS England dementia director prescribes rugby for mental health and dementia patients

23/09/2019NHS England dementia director prescribes rugby for mental health and dementia patients

Reason to celebrate as NHS says watching rugby can be good for your mental health and wellbeing. As the best rugby players in the world repr... more >
Peter Kyle MP: It’s time to say thank you this Public Service Day

21/06/2019Peter Kyle MP: It’s time to say thank you this Public Service Day

Taking time to say thank you is one of the hidden pillars of a society. Being on the receiving end of some “thanks” can make communit... more >
Nurses named as least-appreciated public sector workers

13/06/2019Nurses named as least-appreciated public sector workers

Nurses have been named as the most under-appreciated public sector professionals as new research reveals how shockingly under-vauled our NHS, edu... more >
Creating the Cardigan integrated care centre

10/06/2019Creating the Cardigan integrated care centre

Peter Skitt, county director and commissioner for Ceredigion Hywel Dda University Health Board, looks ahead to the new integrated care centre bei... more >
Helpforce to launch training programmes for NHS volunteers

10/06/2019Helpforce to launch training programmes for NHS volunteers

Kay Fawcett OBE, clinical advisor and education lead at Helpforce, and Lynn Twinn, talent development consultant, outline the new national traini... more >

interviews

Matt Hancock says GP recruitment is on the rise to support ‘bedrock of the NHS’

24/10/2019Matt Hancock says GP recruitment is on the rise to support ‘bedrock of the NHS’

Today, speaking at the Royal College of General Practitioners (RCGP) annual conference, Matt Hancock highlighted what he believes to be the three... more >
NHS dreams come true for Teesside domestic

17/09/2019NHS dreams come true for Teesside domestic

Over 20 years ago, a Teesside hospital cleaner put down her mop and took steps towards her midwifery dreams. Lisa Payne has been delivering ... more >
How can winter pressures be dealt with? Introduce a National Social Care Service, RCP president suggests

24/10/2018How can winter pressures be dealt with? Introduce a National Social Care Service, RCP president suggests

A dedicated national social care service could be a potential solution to surging demand burdening acute health providers over the winter months,... more >
RCP president on new Liverpool college building: ‘This will be a hub for clinicians in the north’

24/10/2018RCP president on new Liverpool college building: ‘This will be a hub for clinicians in the north’

The president of the Royal College of Physicians (RCP) has told NHE that the college’s new headquarters based in Liverpool will become a hu... more >
Duncan Selbie: A step on the journey to population health

24/01/2018Duncan Selbie: A step on the journey to population health

The NHS plays a part in the country’s wellness – but it’s far from being all that matters. Duncan Selbie, chief executive of Pu... more >