Supporting improved cyber security across health and care
NHS Digital has been commissioned by the Department of Health to develop a number of initiatives to help health and care organisations improve their local cyber security.
The recent Review of Data Security, Consent and Opt Outs by the National Data Guardian, Dame Fiona Caldicott, sets out 10 clear standards organisations should follow to increase data security. NHS Digital is committed to helping organisations understand how they can put these standards into practice.
NHS Digital, through its Cyber Security Programme, has been increasing awareness of cyber and data security by providing accredited training, supporting local and national awareness events, and by launching the CareCERT Intelligence service in late 2015.
CareCERT has been analysing threat intelligence and broadcasting relevant, focused advisories to health and care organisations since October 2015, with partners in industry and using links across the public sector, including CERT-UK, CESG and CPNI.
Organisations acting upon CareCERT advisories have seen a dramatic reduction in the volume and impact of issues, while monitoring the NHS Network (N3) is ensuring the health and care system is better protected against cyber attack. To properly secure data and information, CareCERT needs to support local organisations to enhance the strength of their defences and response to ensure cyber readiness today and in the future.
CareCERT consists of three key services, which support stronger cyber security across health and care:
- a national cyber security incident management function
- issuing national level threat advisories, for immediate broadcast to organisations across the health and care sector
- publishing good practice guidance on cyber security for the health and care system
New services launching from September 2016
From September 2016, three new services will be launched: CareCERT Assure, CareCERT React and CareCERT Knowledge. The National Data Guardian Review states that health and care leaders should commit to the new Data Security Standards for Health and Care, and these services support your organisation in meeting many of these standards.
CareCERT Assure is a new service offering an assessment of your organisation's cyber security preparedness. You will be given a set of recommendations for removing vulnerabilities and reducing risks to technology and data to help you decide where best to focus efforts and investment for the greatest return.
CareCERT React is a support service to provide professional guidance and advice on the decisive actions to reduce the impact of a data security incident. It will also provide additional information about CareCERT advisories where requested. This builds on the advisories already provided through the existing CareCERT service.
CareCERT Knowledge is a new e-learning service relating to data/cyber security, information governance and information management. The aim is to inform professionals of their personal responsibility for data security.