NHS staff issued with fresh cyber security guidance

New campaign focuses on password security, phishing, social engineering, and on-site 'tailgating'

NHS Digital has launched an organisation-wide cyber security campaign to provide staff with the most up-to-date guidance on how to avoid and mitigate potential cyber threats and data breaches.

With the NHS being one of the biggest direct and indirect targets for cyber criminals, NHS Digital's 'Keep I.T. Confidential' campaign is hoping to educate the workforce on the impact of cyber security on patient safety and care.

As part of the programme run by NHS Digital's Data Security Centre (DSC), staff will be reminded of a host of key cyber security threats that could compromise the NHS' defences. There will also be information on what actions staff can take to reduce the risk of attack.

"Cyber security is the responsibility of all NHS staff and we want to inspire a cultural change by supporting health and care organisations to embed it in their daily best practice," said NHS Digital deputy chief executive Rob Shaw.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"To do this, we need to support all NHS staff on the direct impact of data security on patient care, and the steps they can take personally to reduce this threat."

Areas to be highlighted include weak password hygiene, phishing scams and business email compromise (BEC), keeping devices unlocked, and social engineering campaigns.

The campaign will also aim to reduce 'tailgating' on NHS sites, the practice of cyber criminals attempting to gain physical access to unauthorised areas by following staff or posing as workers.

Physical infiltration is deemed a major cyber security risk given there are a host of vulnerabilities and exploits that require an attacker to be in close proximity to a target device.

"We know how busy NHS staff are so we are helping them to understand the importance of data security and how it can impact on and benefit their working lives, including patient care," Shaw continued.

"NHS organisations are vast and diverse so Keep I.T. Confidential can be tailored to suit the individual needs of health and care providers and their staff."

Advertisement - Article continues below

Cyber security in the NHS has been given far more attention since the devastating WannaCry outbreak in 2017. Attention has not been sufficient to bolster cyber defences, however, with zero Trusts passing cyber security assessments one year after the incident, according to results from April 2018.

Moreover, the results of a freedom of information request published in December revealed the NHS has been spending as little as 250 on cyber security in some areas. The average spend on training across 159 Trusts was 5,356 throughout 2018, but this varied wildly from between 238 and 78,000, and bore no correlation to the size of Trust or its location.

These findings were highlighted again in July this year, with the Institute of Global Health Innovation (IGHI) urging the government to pump more money into cyber security. Its research suggested this was needed in order to plug existing gaps that render the NHS vulnerable to an attack more destructive than WannaCry.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020