Skip to main content
Creating a new NHS England: Health Education England, NHS Digital and NHS England have merged. More about the merger.

Effective cyber security has never mattered so much

John Noble, the non-executive director who leads on information and cyber security for the NHS Digital Board, looks at the cyber threat facing the NHS as it deals with the coronavirus (COVID-19) pandemic.

I come from a family of doctors, nurses and social workers so the NHS has always been a priority for me. There are few places where it is more important to ensure our cyber defences are strong.

I first worked with the NHS as Director of Incident Management at the National Cyber Security Centre (NCSC) at the time of the WannaCry incident, which was a fascinating, but also a worrying experience. Though the attack was not targeted specifically at the NHS, we are all aware of the impact it had.

Head and shoulders picture of John Noble who leads on cyber security on the NHS Digital board

John Noble

As the weekly NCSC threat report highlights, we should be in no doubt that there are groups and individuals who want to target the NHS and other healthcare organisations.  Of great concern are ransomware attacks mounted by large and sophisticated criminal groups.

These have already impacted many organisations, including hospitals and companies who are within the NHS's supply chain. A significant ransomware attack in the current climate would have major implications for the healthcare system, so that's the area we are particularly focussed on.

But we must also be prepared for other hostile actors. There are always going to be more opportunities for business email fraud when people are working remotely, and we are seeing an increase in lower-level criminals using the coronavirus crisis to exploit that fact.

The importance of ensuring that critical NHS systems remain available has never been greater.

As the Director of GCHQ recently explained, there are also nation states who are using cyber during the pandemic to promote their national interest. The importance of ensuring that critical NHS systems remain available has never been greater.

In the WannaCry aftermath, a lot of criticism was levelled at the NHS, but I think it's important to remember how difficult it can be in any organisation, but particularly in healthcare, to strike the right balance between security, usability and cost.

After WannaCry

After WannaCry, NHS Digital, working with the Department of Health and Social Care, developed a programme of work to support trusts that resulted in the creation of:

  • a Cyber Security Operations Centre, which blocks around 21 million items of malicious activity every month
  • a network of Cyber Associates to own and advise on cyber security within the NHS, with over 1,000 members in 700 NHS organisations
  • the Data Security and Protection Toolkit (DSPT), which means that all NHS and social care organisations are working towards the same national standards
  • the creation of regional leads to support local delivery of cyber security
  • the provision of licences to enable all NHS Trusts to upgrade to Windows 10, a key part of which is the provision of Microsoft’s Advanced Threat Protection (ATP). This now provides endpoint security across 1.3 million connected devices, giving the NHS a view on cyber threat status and vulnerabilities, both locally and nationally.
  • NHS Digital also launched NHS Secure Boundary, a centrally funded solution that protects NHS organisations from the most sophisticated cyber threats

We have to understand what already exists, so everyone has a consistent baseline. As we seek to improve cyber security standards, NHS Digital's role is very much an enabler rather than an enforcer. A partnership approach will always be the best way to tackle these sort of challenges.

An opportunity to tackle key cyber risks

The crisis has enabled many technological initiatives to be developed at pace such as enabling people to create self isolation notes through the NHS 111 online service and participate in online consultations with their GPs.

At the same time, the crisis has opened up an opportunity to address key cyber risks. NHS Digital has been working closely with the NCSC and NHSX to create a COVID-19 Cyber Action Plan.

If a vulnerability is reported in a trust, approved commercial companies can offer on-site support much quicker under a contract operated by our Data Security Centre, giving the trusts and Clinical Commissioning Groups (CCGs) the additional resource and expertise they may need to defend themselves.

It is critical that during the ever-increasing digitalisation of the health and care system, we always remain alert to the heightened risks of cyber attacks.

The NCSC is working very closely with NHS Digital whilst continuing to adhere to all its usual information governance and security safeguards. Sensitive data about patients must only be shared with those who have a real need to see it.

It is critical that during the ever-increasing digitalisation of the health and care system, we always remain alert to the heightened risk of cyber-attacks. I would like to thank everyone in the NHS who is involved in cyber security and information governance. They are playing a vital role in keeping our systems and everyone's data safe. Never has that mattered more.

Related subjects

NHS Digital's Peter Robinson takes us through his journey from apprentice to professional within the Cyber Security team.
Hackers and cyber attacks feature in many films and television programmes, but are these portrayals accurate? Hecham Mrabet, cyber security specialist at NHS Digital, gives us a behind-the-scenes look at how a cyber security centre runs in real life.
Cyber security still has an out-dated image of being a masculine profession. Charlotte Roe, Cyber Security Apprentice at NHS Digital, talks about her job and why women are needed in the world of cyber.


Last edited: 22 December 2021 1:41 pm