Cyber Operations

The Data Security Centre continued to ensure that patient data and information was stored in safe and secure systems by providing a comprehensive range of security services, expert guidance and support to help health and care organisations build cyber security resilience, address vulnerabilities and prepare for and recover from incidents. We provided security assurance on the technical infrastructure that supported the national rollout of vaccinations, as well as securing critical services such as the NHS Spine and NHS.UK. Our partnership with the UK Health Security Agency on protective monitoring and incident management has helped to manage the risk to COVID-19 data and services. 

By giving real-time visibility of cyber threats and issuing high-severity alerts, we keep organisations across health and care abreast of new vulnerabilities. We issued 13 high-severity alerts in 2021-22 and, in December, we supported organisations through one of the world’s largest and most critical vulnerabilities called Log4Shell (or Log4j), which impacted Java applications worldwide. We worked in partnership with the National Cyber Security Centre, NHS England Transformation Directorate and organisations across health and care, to rapidly communicate the importance of managing the vulnerability. We shared information about how it worked to help the wider security community respond.

We continued to enhance the protective monitoring and threat intelligence capabilities of our Cyber Security Operations Centre, improving the tools and technologies that help us identify malicious content and respond quickly and at scale to emerging risks. This allowed us to provide protective monitoring to 3 billion firewall transactions per day through the NHS Secure Boundary service – a free-to-use perimeter security solution that blocks threats as internet traffic moves into or out of networks. It protects 1.6 million devices.

We are also helping organisations to follow the National Cyber Security Centre guidance on dealing with periods of heightened cyber threat. We provide guidance, assessments and training to the system to help the NHS prepare for cyber incidents and improve its resilience, security culture and improve staff awareness of cyber threats and frauds. 

In October 2021, we launched the latest phase of our security awareness campaign called Keep I.T. Confidential. This online cyber security toolkit is designed to help NHS trusts and other healthcare organisations learn about good security practice and the impact it can have on patient safety. The materials have been designed to help NHS organisations run their own cyber security awareness campaigns at a time and in a way that suits them – and keep a focus on practical steps such as setting secure passwords, keeping devices locked when they are not in use, and being aware of phishing and email scams.

The Data Security and Protection Toolkit provides health and care organisations with a way to assess their cyber security resilience against national standards. All organisations that have access to NHS patient data and systems must use the toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. In 2021-22, more than 41,000 organisations published Data Security and Protection Toolkit returns. 

Developing strong relationships with suppliers and customers has been critical throughout 2021-22. Our Cyber Associates Network (CAN), managed in partnership with NHS England’s Transformation Directorate, now has more than 2,000 members providing peer-to-peer support. In March 2022, we held the first CAN awards event, showcasing the important work being done to manage and improve cyber security across the NHS. We held 20 webinars to share learning and development across the network and hosted the annual CAN event in October 2021. 

We also supported outreach work through CyberFirst, P-TECH, and schools programmes to help inspire the cyber teams of the future. We held our first International Women’s Day event with a panel discussion, bringing together cyber specialists at the start of their careers and more experienced colleagues, and are establishing a Cyber Women’s Network.