We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
How we're improving cyber security
As we kick off Cyber Security Awareness Month, NHS Digital’s Interim Chief Information Security Officer Dan Pearce explains how NHS cyber security has been strengthened over the past two years.
- Author:
- Date:
-
8 October 2019

Over the last two years, the NHS has embarked on one of the most ambitious and aggressive cyber security programmes seen in any health and care system in the world.
A huge amount of work has been done, both at the local and national level, and we have seen significant improvements in three key areas:
We know that more still needs to be done to maintain the safety, privacy and trust of patients as we improve our health and care system’s use of data and digital technology, but we have made significant progress in several key areas.
We cannot be complacent. The threat we face is growing and constantly changing – and it will require a continued and concerted effort across the health and care system to effectively combat it.
In September 2019, we announced a new Secure Boundary deal with Accenture to deliver additional security monitoring and prevention defences for the multiple internet connections in use across the system. We now provide threat scanning tools for internet-facing services run by local organisations and have also opened up online training licenses for IT and security staff to improve skills across the system.
A key recommendation from the NHS CIO’s WannaCry report was for all large NHS Organisations (422 as of August 2019) to achieve CE+ certification by June 2021. NHS Digital itself has been conducting on-site security assessments across the NHS trusts. This assessment covers compliance with the Cyber Essentials and IT HealthCheck standards and produces a score based on the readiness of an organisation to be CE+ certified. Since the NHS CIO’s recommendation, the average readiness score has risen from 48% at the time of the CIO’s report to 70% in September 2019.
Related subjects
-
NHS Digital's Peter Robinson takes us through his journey from apprentice to professional within the Cyber Security team.
-
Hackers and cyber attacks feature in many films and television programmes, but are these portrayals accurate? Hecham Mrabet, cyber security specialist at NHS Digital, gives us a behind-the-scenes look at how a cyber security centre runs in real life.
-
Cyber security still has an out-dated image of being a masculine profession. Charlotte Roe, Cyber Security Apprentice at NHS Digital, talks about her job and why women are needed in the world of cyber.