A leader in cyber security

We are widely acknowledged as a leading organisation in the prevention and management of cyber security threats.

The impact of cyber-attacks can be devastating. They can directly affect patient safety and disrupt medical procedures, as well as presenting risks to critical information and confidential data. Purchasing systems and the co-ordination of emergency services could also be under threat.

It is well established that the weakest point of cyber security defences is people, with 95 per cent of all security attacks resulting from human error. Therefore, staff training is an important line of defence.

With this in mind, we have developed an end-user cyber security awareness course to increase staff awareness and embed an effective cyber security culture throughout our supply chain and customers.

We are the first NHS organisation to achieve accreditation from Government Communications Headquarters (GCHQ) in this most critical of areas. Our robust, proactive approach to cyber security ensures peace of mind, and our team’s contribution to managing the WannaCry attack in May 2017 was recognised by a Special Commendation Team Award from South Cheshire and Vale Royal CCGs.

Our cyber security team now sit on the NHS National Security Group – the industry-wide voice of expertise for major, scalable incidents. We collaborate with many other NHS organisations to prevent and defend against future attacks.

We believe that prevention is better than cure, so our strategy focuses on reducing the risk of attack. We have a range of measures to help our customers identify, minimise and prevent threats, ensuring that they always stay ahead of the attackers:

  • Cyber security is firmly embedded into our quality systems and organisational culture, with policies and procedures covering user account management, IT network and infrastructure, asset management, and IT disaster prevention and recovery. Policies for mobile working, IT major incident management and change management are currently being developed
  • Our GCHQ-accredited end-user cyber security awareness course is a three-hour face-to-face event which ensures that staff meet the required level of understanding
  • We achieved Cyber Essentials accreditation in February 2018, and are now working towards Cyber Essentials Plus accreditation
  • We have an IG Toolkit Level 2 rating, with 79 per cent compliance. Customers using our IG system, U Assure, achieve 91 to 92 per cent compliance, a level recognised as exemplary
  • We have invested in software to force patch updates, so users of management systems and mobile technologies remain safe and up to date
  • We reduce risk by applying the best patches and software updates, continuously gathering intelligence and sharing best practice
  • Our dedicated cyber security team are responsible for: scheduling software updates, penetration testing, preparing for NHS Digital reviews, managing IG Toolkit requirements, maintaining processes and procedures, prioritising service continuity and assuring CareCERT compliance.