Cyber security

The Cyber Security Programme is working to ensure that measures are actively in place to protect NHS assets and services, including those commissioned by NHS England. The aims of the programme are:

  • To enact lessons learned from the May 2017 cyber security incident.
  • To ensure that actions related to “Critical” CareCERT alerts are completed.
  • To provide assurance that cyber security is being considered at board level and managed as an ongoing board level risk.

The programme is working with colleagues in NHS Digital and NHS Improvement to ensure that Trusts, CCGs and CSUs are aware of their accountabilities and responsibilities and undertake cyber security actions, including:

  • Completing independent assessments organised through NHS Digital.
  • Ensuring that the outcomes of cyber security assessments are acted upon, to mitigate risks.
  • Ensuring that the 39 Critical alerts, and subsequent critical/high alerts, have been actioned within each organisation, or that a plan is in place to action the responses before the end of October.
  • Ensuring that organisations subscribe to NHS Digital CareCERT Collect, act on advisories when they are issued, and submit remediation plans.

The programme work-streams will deliver outputs in relation to cyber security that assist in the management of future incidents, provide assurance on the readiness and protection of NHS England assets and services, embed cyber security in local leadership at board level, and ensure that investment is allocated to mitigate risks and that the necessary requirements are included within contracts for 2017/18.

Find out more

For further information, please email england.cyber@nhs.net.