NHS cyber security

NHS launches major change to data security benchmarking

In a significant change to how health and social care organisations measure and self-report their cyber security posture, NHS England (NHSE) and the national data guardian (NDG) have jointly announced that the NHS Data Security and Protection Toolkit (DSPT) will transition away from using the NDG’s 10 data security standards as its underpinning assessment mechanism.

The National Cyber Security Centre’s Cyber Assessment Framework (CAF) will instead be used, given its “more advanced approach”. The transition started yesterday (2 September), beginning with ‘large’ NHS organisations, which have already been informed of the switch.

NHSE will similarly inform all other organisations when it is their turn to complete the transition.

The 10 data security standards

The 10 data security standards were conceived in 2016 as part of the NDG’s review of data security, consent and opt-outs, before being adopted as the benchmark for the DSPT in 2018.

The government says the standards have been essential in protecting patient information by focusing on three key areas:

  • People
  • Process
  • Technology

Comment from national data guardian, Dr Nicola Byrne

The adoption of CAF was set out in last year’s cyber strategy, evolving the approach in two key ways.

A higher bar of achievement than before will now be in place, and organisations will have a long-term roadmap for annual improvements.

The new DSPT will also centre around achieving outcomes, rather than merely passing or failing defined security controls, in turn enhancing local autonomy.

Advancing data security standards

“I fully support this transition to the CAF,” said NDG, Dr Nicola Byrne. “It represents a positive evolution, offering organisations a more current framework for evaluating and improving their data protection and cyber resilience.

“I remain committed to supporting NHS England in maintaining and advancing the highest standards of data security across health and care.”

The infamous WannaCry ransomware attack cost the NHS almost £100m in lost activity back in 2017. More recently, several sites in London were impacted when a cyber-attack hit lab services provider, Synnovis.

The attack occurred in early June and, a month later, the two most affected trusts (King’s College Hospital and Guy’s and St Thomas’) have been forced to postpone 6,200 acute outpatient appointments and 1,500 elective procedures collectively.

The NDG, NHSE, and the Department of Health and Social Care say they will continue to collaborate on the development and implementation of CAF.

Image credit: iStock
