Supporting improved cyber security across health and care
NHS Digital has been commissioned by the Department of Health to develop a number of initiatives to help health and care organisations improve their local cyber security.
The recent Review of Data Security, Consent and Opt Outs by the National Data Guardian, Dame Fiona Caldicott sets out 10 clear standards organisations should follow to increase data security. NHS Digital is committed to helping organisations understand how they can put these standards into practice.
NHS Digital, through its Cyber Security Programme, has been increasing awareness of cyber and data security by providing accredited training, supporting local and national awareness events, and by launching the CareCERT Intelligence service in late 2015.
CareCERT has been analysing threat intelligence and broadcasting relevant, focused advisories to health and care organisations since October 2015, with partners in industry and using links across the public sector, including CERT-UK, CESG and CPNI.
Organisations acting upon CareCERT advisories have seen dramatic reduction the volume and impact of issues, while monitoring the NHS Network (N3) is ensuring the health and care system is better protected against cyber attack. To properly secure data and information, CareCERT needs to support local organisations to enhance the strength of their defences and response to ensure cyber readiness today and in the future.
CareCERT consists of three key services, which support stronger cyber security across health and care:
- a national cyber security incident management function
- issuing national level threat advisories, for immediate broadcast to organisations across the health and care sector
- publishing good practice guidance on cyber security for the health and care system
New services launching from September 2016
From September 2016, three new services will be launched; CareCERT Assure, CareCERT React and CareCERT Knowledge. The National Data Guardian Review states that health and care leaders should commit to the new Data Security Standards for Health and Care and these services support your organisation in meeting many of these standards.
CareCERT Assure is a new service offering an assessment of your organisation's cyber security preparedness. You will be given a set of recommendations for removing vulnerabilities and reducing risks to technology and data to help you decide where best to focus efforts and investment for the greatest return.
CareCERT React is a support service to provide professional guidance and advice on the decisive actions to reduce the impact of a data security incident. It will also provide additional information about CareCERT advisories where requested. This builds on the advisories already provided through the existing CareCERT service.
CareCERT Knowledge is a new e-learning service relating to data/cyber security, information governance and information management. The aim is to inform professionals of their personal responsibility for data security.
Become an Early Adopter of the emerging services
NHS Digital's aim is to support you and your organisation in enhancing your data security. We are inviting leaders to involve their organisation in shaping the new services described above.
Benefits of becoming an Early Adopter include:
- independent assessment of your organisation's data security risks
- centrally funded and support assessments
- opportunity to improve protection against data security threats
- access to specialist advice and guidance in the event of data security incidents
- help to shape the future data security services for the wider sector
- increased awareness and visibility of sector wide threats
- improved resilience to diminish the impact of cyber attacks
- opportunity to reduce your organisational data security risk
- increased 'Cyber Preparedness'; your organisation's capability to identify and respond to cyber threats
For more information about these new services and what becoming an Early Adopter will mean, please refer to the supporting information [188kb].
For any queries please email: firstname.lastname@example.org.