Comment

11.07.16

Cyber security in NHS trusts

Source: NHE Jul/Aug 16

Dan Taylor, head of cyber security at the Health and Social Care Information Centre (HSCIC), soon to be NHS Digital, discusses the importance of cyber security and the development of CareCERT.

Many of you may be thinking that this piece isn’t for you, because you aren’t an IT professional. You would be wrong, and this perception is the single biggest threat to keeping health information safe and secure. Good cyber security is the responsibility for every member of staff in an organisation, and good ‘cyber hygiene’ is as important and can be as simple as good hand hygiene in an NHS organisation. 

The move to electronic records, the digitisation of patient services and the advent of technology-enabled care has saved time and resources for the NHS, and has huge potential to play a key role in delivering excellent patient care in the future. But alongside the benefits of digitisation there are risks, and with risks come responsibilities. These responsibilities aren’t just for your IT or security team, they belong to every member of staff in your organisation. 

Cyber security starts on the frontline 

Effective security has to start with people. Estimates vary, but official figures from HSCIC show that around 1.3 million people work within health, the vast majority of those delivering care. 

Security starts on the frontline, not in the IT department. Does everyone have basic training in cyber security? Do they understand their personal responsibility to keep data safe? This ‘cyber hygiene’ includes simple things such as keeping passwords safe and changing them regularly; never letting anyone other than the named person use a Smartcard; not clicking on unverified links; keeping mobile devices safe and secure; and ensuring that individuals log off or lock screens when they move away from a device. 

So if cyber security is so important to the NHS, what is happening at the centre to support organisations to practice what I am preaching? 

CareCERT support 

CareCERT Broadcast is an HSCIC service that gathers known threats and intelligence and broadcasts them appropriately across health and care organisations, along with advice about how to mitigate those threats. This enables organisations to make informed decisions about protectively fixing vulnerabilities before they become an issue. 

CareCERT Broadcast has been live for many months now [NHE reported on this in the Jan/Feb 2016 issue] and we’ve received useful feedback about other cyber services the sector would like to see us provide. As a result, CareCERT Broadcast will soon have some cyber siblings including CareCERT Assure; a set of CareCERT training modules; and a range of other services to be announced later this year.

CareCERT Assure will allow health and care organisations to take a free assessment of their cyber strengths and weaknesses. We want to use our experience to learn lessons on behalf of the sector, benchmark what good looks like and then share that, whilst also helping individual organisations to pin-point areas for improvement and investment, maximising the limited resources available. 

We are also in beta testing for a national cyber security training platform. This will cover a number of basic areas for all staff and a second, more complex module, will be available for specialist staff. Freely available to all health and care organisations, the training will enable organisations to develop colleagues, whilst ensuring our people form the first line of defence in securing information. 

CareCERT services will enable health and care organisations to benefit from the expertise at HSCIC, but without dictating a one-size-fits-all approach. Ultimately, the security of information is the responsibility of the organisation where it is held. We want to support organisations to safely look after that information, whilst allowing them to make appropriate local decisions about what works for their individual needs.

Tell us what you think – have your say below or email [email protected]

Comments

Rick Gray   19/08/2016 at 08:14

My name is Rick Gray, I'm Head of Cyber Security for CSI Ltd. Charles Lilley (Head of Health Services) for CSI Ltd and myself have recently provided help to multiple NHS Trusts throughout the UK. I read the article this morning and its great to see Dan has created something educational for the NHS to use. We too often find deploying security tools which is necessary as prevention is not enough. Education is the key and one of the hardest areas in cyber security prevention, great to see Dan's created a collaboration of information to share.

Add your comment

national health executive tv

more videos >

latest healthcare news

NHS England commits £30m to join up HR and staff rostering systems

09/09/2020NHS England commits £30m to join up HR and staff rostering systems

As NHS England looks to support new ways of working, it has launched a £30m contract tender for HR and staff rostering systems, seeking sup... more >
Gender equality in NHS leadership requires further progress

09/09/2020Gender equality in NHS leadership requires further progress

New research carried out by the University of Exeter, on behalf of NHS Confederation, has shown that more progress is still needed to achieve gen... more >
NHS Trust set for big savings in shift to digital patient letters

09/09/2020NHS Trust set for big savings in shift to digital patient letters

Up and down the country, NHS trusts are finding new and innovative ways to leverage the power of digital technologies. In Bradford, paper appoint... more >

the scalpel's daily blog

Covid-19 can signal a new deal with the public on health

28/08/2020Covid-19 can signal a new deal with the public on health

Danny Mortimer, Chief Executive, NHS Employers & Deputy Chief Executive, NHS Confederation The common enemy of coronavirus united the public side by side with the NHS in a way that many had not seen in their lifetimes and for others evoked war-time memories. It was an image of defiance personified by the unforgettable NHS fundraising efforts of Captain Sir Tom Moore, resonating in the supportive applause during the we... more >
read more blog posts from 'the scalpel' >

interviews

Matt Hancock says GP recruitment is on the rise to support ‘bedrock of the NHS’

24/10/2019Matt Hancock says GP recruitment is on the rise to support ‘bedrock of the NHS’

Today, speaking at the Royal College of General Practitioners (RCGP) annual conference, Matt Hancock highlighted what he believes to be the three... more >
NHS dreams come true for Teesside domestic

17/09/2019NHS dreams come true for Teesside domestic

Over 20 years ago, a Teesside hospital cleaner put down her mop and took steps towards her midwifery dreams. Lisa Payne has been delivering ... more >
How can winter pressures be dealt with? Introduce a National Social Care Service, RCP president suggests

24/10/2018How can winter pressures be dealt with? Introduce a National Social Care Service, RCP president suggests

A dedicated national social care service could be a potential solution to surging demand burdening acute health providers over the winter months,... more >
RCP president on new Liverpool college building: ‘This will be a hub for clinicians in the north’

24/10/2018RCP president on new Liverpool college building: ‘This will be a hub for clinicians in the north’

The president of the Royal College of Physicians (RCP) has told NHE that the college’s new headquarters based in Liverpool will become a hu... more >

last word

Haseeb Ahmad: ‘We all have a role to play in getting innovations quicker’

Haseeb Ahmad: ‘We all have a role to play in getting innovations quicker’

Haseeb Ahmad, president of the Association of the British Pharmaceutical Industry (ABPI), sits down with National Health Executive as part of our Last Word Q&A series. Would you talk us th... more > more last word articles >

editor's comment

26/06/2020Adapting and Innovating

Matt Roberts, National Health Executive Editorial Lead. NHE May/June 2020 Edition We’ve been through so much as a health sector and a society in recent months with coronavirus and nothing can take away from the loss and difficulties that we’ve faced but it vital we also don’t disregard the amazing efforts we’v... read more >

health service focus

‘We are the NHS’: NHS England publish newest People Plan

30/07/2020‘We are the NHS’: NHS England publish newest People Plan

NHS England has published its People Plan for... more >
How NHS Property Services adapted to a new way of working

01/07/2020How NHS Property Services adapted to a new way of working

From May/June 2020 edition Trish Stephen... more >