interviews

25.07.17

How NHS organisations can protect themselves against cyber crime

Source: NHE Jul/Aug 2017

On 12 May, a global cyber-attack occurred on an unprecedented scale. It affected organisations across the globe and, though it did not specifically target the NHS, the impact on UK health services brought cyber security to the top of the national agenda. NHE’s David Stevenson gets an update from the NHS Digital Data Security Centre on what steps NHS organisations can take to protect themselves from cyber crime.

The response to the attack on 12 May was a co-ordinated effort between a number of government organisations including NHS Digital, the Department of Health, NHS England and the National Cyber Security Centre (NCSC). 

The government is fully committed to defending against cyber threats and addressing the cyber skills gap to develop and grow talent. A five-year National Cyber Security Strategy was announced in November 2016, supported by £1.9bn of transformational investment. 

This joined-up approach was seen in practice during the attack, with these agencies offering close support for the NHS: alerting NHS organisations to known data and cyber security threats; advising them of appropriate steps to take to minimise these risks; resolving any issues as quickly as possible; and gathering feedback which can be used to further strengthen the response of the system and the ability to forewarn, forearm and respond. 

It isn’t just IT teams who have responsibilities regarding data and cyber security. It’s the responsibility of everyone in the NHS, or any organisation using IT systems and equipment, and there are plenty of ways to ensure a robust response to a cyber-security incident. 

What immediate steps can NHS organisations take? 

  1. Leadership is critical to ensuring data security is embedded across the organisation
  2. Invest in your people – across all disciplines, this isn’t simply a technology issue
  3. Get all staff to understand that data security has and will have an impact on citizen-facing services
  4. Prioritise the actions that make your biggest risks less likely to happen (for example, regular patching, getting rid of old operating systems)
  5. Prioritise the actions that make things less bad when risks do crystallise (for example, a regularly rehearsed incident management team, pre-agreed lines-to-take, alternative ways to deliver your service) 

To avoid becoming infected with ransomware and enable recovery, system users should ensure that: 

  • A robust programme of education and awareness training is delivered to users to ensure they don’t open attachments or follow links within unsolicited emails
  • All operating systems, antivirus and other security products are kept up to date
  • All day-to-day computer activities, such as email and internet, are performed using non-administrative accounts and that permissions are always assigned on the basis of least privilege
  • All critical data must be backed up, and these backups must be sufficiently protected/kept out of reach of ransomware
  • Multiple backups should be created including at least one off-network backup (e.g. to tape) 

What should you do if a suspected cyber-attack occurs? 

If you believe your systems have been attacked, contact your IT provider/help desk immediately. They should be the first point of contact and it is essential to seek their advice before taking any action that might affect your system. 

The NCSC was opened by the Queen in February and provides a useful central body for cyber security at a national level. It manages national cyber security incidents like these, carries out real-time threat analysis and provides tailored sectorial advice. 

The National Crime Agency encourages anyone who thinks they may have been subject to online fraud to contact Action Fraud at: www.actionfraud.police.uk. 

NHS Digital’s Data Security Centre offers advice and guidance to help health and social care organisations respond effectively and safely to cyber-security threats. To receive their regular high-severity alerts and security bulletins, email: carecert@nhsdigital.nhs.uk. 

How do we protect ourselves in the future? 

  • Ensure all systems are protected with the latest antivirus definitions
  • If your network becomes infected immediately report it to your antivirus provider for investigation and patching
  • Ensure your antivirus software is kept updated with the very latest security definitions, to detect current and evolving strains of this malware
  • Confirm with your antivirus provider that they have rolled out virus definitions which are supported by your organisation’s operating systems to protect you from the spread of this malware (especially if your organisation is running out of support operating systems)
  • Ensure your antivirus software is properly configured and automatically scans all files and file operations (including file reads, writes and renames) and manually run scans on critical areas such as servers and shared network file storage.

FOR MORE INFORMATION

W: www.digital.nhs.uk

W: www.ncsc.gov.uk

Comments

There are no comments. Why not be the first?

Add your comment

 

national health executive tv

more videos >

latest healthcare news

Robotic lung surgery reaches 150 procedure milestone

12/12/2019Robotic lung surgery reaches 150 procedure milestone

More than 150 robotic lung surgery operations have been carried out by specialists at NHS Golden Jubilee National Hospital. The dedicated th... more >
New Centre for Advanced Measurement Research and Health Translation opened

11/12/2019New Centre for Advanced Measurement Research and Health Translation opened

The University of Strathclyde has today (Dec 11) announced the opening of a new centre of excellence in Glasgow, supporting innovation in the med... more >
RSPH responds to research on activity equivalent calorie labelling

11/12/2019RSPH responds to research on activity equivalent calorie labelling

The University of Loughborough published research findings yesterday (Dec 10) showing that labelling foods with the amount of physical activity n... more >
681 149x260 NHE Subscribe button

the scalpel's daily blog

Why face-to-face support is still crucial for prevention and treatment

11/12/2019Why face-to-face support is still crucial for prevention and treatment

Zaytun Ratansi, health facilitator at Living Well Taking Control With the rise of large digital players in the healthcare system, the way patients are receiving treatment is ever-changing. For example, Amazon Alexa speakers are now considered a viable medium to offer patients healthcare advice. Whilst we welcome this digital tra... more >
read more blog posts from 'the scalpel' >

comment

NHS England dementia director prescribes rugby for mental health and dementia patients

23/09/2019NHS England dementia director prescribes rugby for mental health and dementia patients

Reason to celebrate as NHS says watching rugby can be good for your mental health and wellbeing. As the best rugby players in the world repr... more >
Peter Kyle MP: It’s time to say thank you this Public Service Day

21/06/2019Peter Kyle MP: It’s time to say thank you this Public Service Day

Taking time to say thank you is one of the hidden pillars of a society. Being on the receiving end of some “thanks” can make communit... more >
Nurses named as least-appreciated public sector workers

13/06/2019Nurses named as least-appreciated public sector workers

Nurses have been named as the most under-appreciated public sector professionals as new research reveals how shockingly under-vauled our NHS, edu... more >
Helpforce to launch training programmes for NHS volunteers

10/06/2019Helpforce to launch training programmes for NHS volunteers

Kay Fawcett OBE, clinical advisor and education lead at Helpforce, and Lynn Twinn, talent development consultant, outline the new national traini... more >

last word

Haseeb Ahmad: ‘We all have a role to play in getting innovations quicker’

Haseeb Ahmad: ‘We all have a role to play in getting innovations quicker’

Haseeb Ahmad, president of the Association of the British Pharmaceutical Industry (ABPI), sits down with National Health Executive as part of our... more > more last word articles >

editor's comment

25/09/2017A hotbed of innovation

This edition of NHE comes hot on the heels of this year’s NHS Expo which, once again, proved to be a huge success at Manchester Central. A number of announcements were made during the event, with the health secretary naming the second wave of NHS digital pioneers, or ‘fast followers’, which follow the initial global digital e... read more >

health service focus

Mike Farrar, Swim England - Last Word

07/12/2019Mike Farrar, Swim England - Last Word

Mike Farrar Chairperson of Swim England ... more >
Moulding The Future With 3D Printing

06/12/2019Moulding The Future With 3D Printing

Source : NHE Nov/Dec   Profess... more >