Latest on
Twitter
Latest
News & Views
- Why some communities may be at risk of lower vaccine uptake
- Knowing our patch: Free demographic and health inequalities analysis
- Blog: How to support primary care services with their accounting – they really need help right now
- Our app helps fill the locum gap for GP practices – and is now even easier to procure
- Free model can help you reduce queueing and ease flow at COVID-19 vaccine clinics
- GPs are saving time and money with our GP locum app
- Supporting the health and wellbeing of our people is a top priority
- Helping the Lancashire and South Cumbria Integrated Care System vaccinate patients against COVID-19
- “The joy of data driving improvement”: end of life analysis welcomed by experts
- Blog: Do you want to improve patient care? Finance teams can make a difference
- The challenges of building an ICS – and the solutions
- Blog: Planning for the people you might see tomorrow
- December platform:x webinar: The peaks and pitfalls of building an ICS
- How a short, sharp improvement project can have sustainable impact
- Blog: Dangerous analytics and how local analysts can save you!
We are widely acknowledged as a leading organisation in the prevention and management of cyber security threats.
The impact of cyber-attacks can be devastating. They can directly affect patient safety and disrupt medical procedures, as well as presenting risks to critical information and confidential data. Purchasing systems and the co-ordination of emergency services could also be under threat.
It is well established that the weakest point of cyber security defences is people, with 95 per cent of all security attacks resulting from human error. Therefore, staff training is an important line of defence.
With this in mind, we have developed an end-user cyber security awareness course to increase staff awareness and embed an effective cyber security culture throughout our supply chain and customers.
We are the first NHS organisation to achieve accreditation from Government Communications Headquarters (GCHQ) in this most critical of areas. Our robust, proactive approach to cyber security ensures peace of mind, and our team’s contribution to managing the WannaCry attack in May 2017 was recognised by a Special Commendation Team Award from South Cheshire and Vale Royal CCGs.
Our cyber security team now sit on the NHS National Security Group – the industry-wide voice of expertise for major, scalable incidents. We collaborate with many other NHS organisations to prevent and defend against future attacks.
We believe that prevention is better than cure, so our strategy focuses on reducing the risk of attack. We have a range of measures to help our customers identify, minimize and prevent threats, ensuring that they always stay ahead of the attackers:
- Cyber security is firmly embedded into our quality systems and organisational culture, with policies and procedures covering user account management, IT network and infrastructure, asset management, and IT disaster prevention and recovery. Policies for mobile working, IT major incident management and change management are currently being developed
- Our GCHQ-accredited end-user cyber security awareness course is a three-hour face-to-face event which ensures that staff meet the required level of understanding
- We achieved Cyber Essentials accreditation in February 2018, and are now working towards Cyber Essentials Plus accreditation
- We have an IG Toolkit Level 2 rating, with 79 per cent compliance. Customers using our IG system, U Assure, achieve 91 to 92 per cent compliance, a level recognised as exemplary
- We have invested in software to force patch updates, so users of management systems and mobile technologies remain safe and up to date
- We reduce risk by applying the best patches and software updates, continuously gathering intelligence and sharing best practice
- Our dedicated cyber security team are responsible for: scheduling software updates, penetration testing, preparing for NHS Digital reviews, managing IG Toolkit requirements, maintaining processes and procedures, prioritising service continuity and assuring CareCERT compliance.