We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Effective cyber security has never mattered so much
John Noble, the non-executive director who leads on information and cyber security for the NHS Digital Board, looks at the cyber threat facing the NHS as it deals with the coronavirus (COVID-19) pandemic.
- Author:
- Date:
-
3 August 2020

John Noble
I come from a family of doctors, nurses and social workers so the NHS has always been a priority for me. There are few places where it is more important to ensure our cyber defences are strong.
I first worked with the NHS as Director of Incident Management at the National Cyber Security Centre (NCSC) at the time of the WannaCry incident, which was a fascinating, but also a worrying experience. Though the attack was not targeted specifically at the NHS, we are all aware of the impact it had.
As the weekly NCSC threat report highlights, we should be in no doubt that there are groups and individuals who want to target the NHS and other healthcare organisations. Of great concern are ransomware attacks mounted by large and sophisticated criminal groups.
There are always going to be more opportunities for business email fraud when people are working remotely.
These have already impacted many organisations, including hospitals and companies who are within the NHS's supply chain. A significant ransomware attack in the current climate would have major implications for the healthcare system, so that's the area we are particularly focussed on.
But we must also be prepared for other hostile actors. There are always going to be more opportunities for business email fraud when people are working remotely, and we are seeing an increase in lower-level criminals using the coronavirus crisis to exploit that fact.
The importance of ensuring that critical NHS systems remain available has never been greater.
As the Director of GCHQ recently explained, there are also nation states who are using cyber during the pandemic to promote their national interest. The importance of ensuring that critical NHS systems remain available has never been greater.
In the WannaCry aftermath, a lot of criticism was levelled at the NHS, but I think it's important to remember how difficult it can be in any organisation, but particularly in healthcare, to strike the right balance between security, usability and cost.
We have to understand what already exists, so everyone has a consistent baseline. As we seek to improve cyber security standards, NHS Digital's role is very much an enabler rather than an enforcer. A partnership approach will always be the best way to tackle these sort of challenges.
It is critical that during the ever-increasing digitalisation of the health and care system, we always remain alert to the heightened risks of cyber attacks.
The NCSC is working very closely with NHS Digital whilst continuing to adhere to all its usual information governance and security safeguards. Sensitive data about patients must only be shared with those who have a real need to see it.
It is critical that during the ever-increasing digitalisation of the health and care system, we always remain alert to the heightened risk of cyber-attacks. I would like to thank everyone in the NHS who is involved in cyber security and information governance. They are playing a vital role in keeping our systems and everyone's data safe. Never has that mattered more.
Related subjects
-
We help NHS organisations to manage and improve their cyber security.
-
NHS Digital's Peter Robinson takes us through his journey from apprentice to professional within the Cyber Security team.
-
Hackers and cyber attacks feature in many films and television programmes, but are these portrayals accurate? Hecham Mrabet, cyber security specialist at NHS Digital, gives us a behind-the-scenes look at how a cyber security centre runs in real life.
-
Cyber security still has an out-dated image of being a masculine profession. Charlotte Roe, Cyber Security Apprentice at NHS Digital, talks about her job and why women are needed in the world of cyber.