Sergey Nivens - Fotolia
NHS Digital is launching three cyber security services, which will be rolled out to NHS health and care organisations.
The services have been created by the organisation’s cyber security arm, CareCert, which launched in 2015.
The programme aims to enhance cyber resilience across health and social care by providing incident broadcasts, training and resources to health and care providers.
Security training for NHS staff
One of the services is an e-learning portal called CareCert Knowledge, which will aim to help health and care organisations train staff in “cyber security basics”.
Earlier this year, Dan Taylor, programme director for CareCert, told Computer Weekly that the portal was designed to encourage people to understand their personal responsibility for data security, through which all guidance and best practice would be issued.
NHS Digital worked with Health Education England to develop content for the portal, which, along with the other services, will start being tested this month.
Cyber security assessment and improvement
NHS Digital is also launching CareCert Assure, which is designed to help organisations assess their cyber security measures against the standards set by industry. It will also provide recommendations on how to improve data security.
The third service to launch is CareCert React, which will function as a support service, providing professional guidance on actions to reduce the effect of data security incidents and restore security as soon as possible.
CareCert consumes intelligence information on cyber security threats from a range of sources before triaging the information. Depending on the likelihood of impact, CareCert will issue a broadcast, the type of which will vary according to the level of risk.
“If we believe there is high risk, we will issue the broadcast there and then, after the right governance is in place, which we normally get in four hours,” Taylor previously told Computer Weekly.
“The broadcast will say there is vulnerability in one of the threat vectors, why it is impacting your organisation and the action the organisation needs to take.”
Digital security improvements
Commenting on the launch of the services, NHS Digital chief executive Andy Williams said they were designed to improve digital security across health and care organisations and their staff.
“Good digital security is key to all roles in health and care, and we want to give NHS organisations the benefit of our expertise in this area so that we can promote best practice across the sector,” he said.
“We want to work with as many organisations as possible, and are seeking their feedback, so we can develop and test them according to organisations’ particular needs.”
Healthcare security standards
Earlier this year, the Care Quality Commission, in partnership with national data guardian Fiona Caldicott, set out 10 new data security standards that will apply to all organisations holding health and care information.
The standards include ensuring technology is secure and up to date, and that people are equipped to handle information safely and that staff have proper training and understand their responsibilities.
The review also recommended that NHS England changes its financial contracts to require organisations to take data security standards into account.
Read more about cyber security in health and social care
- NHS IT managers think security measures in the NHS are stronger than they actually are, according to a Sophos study.
- A US hospital reveals that, after a week of being offline, it caved in to ransomware demands to restore access to its computer systems.
- Health and care organisations should not be afraid to acknowledge that cyber attacks will happen, but must be ready to handle breaches, says CareCert’s programme head.