We are also helping organisations to follow the National Cyber Security Centre guidance on dealing with periods of heightened cyber threat. We provide guidance, assessments and training to the system to help the NHS prepare for cyber incidents and improve its resilience, security culture and improve staff awareness of cyber threats and frauds.
In October 2021, we launched the latest phase of our security awareness campaign called Keep I.T. Confidential. This online cyber security toolkit is designed to help NHS trusts and other healthcare organisations learn about good security practice and the impact it can have on patient safety. The materials have been designed to help NHS organisations run their own cyber security awareness campaigns at a time and in a way that suits them – and keep a focus on practical steps such as setting secure passwords, keeping devices locked when they are not in use, and being aware of phishing and email scams.
The Data Security and Protection Toolkit provides health and care organisations with a way to assess their cyber security resilience against national standards. All organisations that have access to NHS patient data and systems must use the toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. In 2021-22, more than 41,000 organisations published Data Security and Protection Toolkit returns.
Developing strong relationships with suppliers and customers has been critical throughout 2021-22. Our Cyber Associates Network (CAN), managed in partnership with NHS England’s Transformation Directorate, now has more than 2,000 members providing peer-to-peer support. In March 2022, we held the first CAN awards event, showcasing the important work being done to manage and improve cyber security across the NHS. We held 20 webinars to share learning and development across the network and hosted the annual CAN event in October 2021.
We also supported outreach work through CyberFirst, P-TECH, and schools programmes to help inspire the cyber teams of the future. We held our first International Women’s Day event with a panel discussion, bringing together cyber specialists at the start of their careers and more experienced colleagues, and are establishing a Cyber Women’s Network.