We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Does cyber security have to be painful?
Dan Jeffery, Head of Innovation, Delivery and Business Operations at NHS Digital’s Data Security Centre, explains how automation within NHSmail is delivering improved cyber security.
- Author:
- Date:
-
6 January 2020

One of our basic principles in NHS Digital’s Data Security Centre is ‘don’t reinvent the wheel.’
Our work with NHSmail over the past year is an example of how we can improve the security, identity verification and user experience of one of the NHS’s key communications tools without ripping up the foundations and causing disruption to users.
NHSmail is more than just an email service. The system manages the identities of all users within the Microsoft Active Directory in the NHS and allows local administrators to manage accounts within the NHSmail portal.
Typically, NHS organisations will manage local identities within their own Active Directory and use the NHS Electronic Staff Record for workforce management, including the on-boarding and off-boarding of employees.
With more than 13,000 health and care organisations in England and Scotland using NHSmail and 64,000 movements of user accounts every month, the burden is real and the security implications relating to identity are acute.
This may all sound straightforward and a bit technical, but the reality is that all of this has put significant burden on back offices across the NHS. Local organisations have had to manually manage employees that join, move or leave their roles within NHSmail, as well as their local active directories and Electronic Staff Record.
These enhancements are complemented by continued filtering and monitoring of spam and malicious activity at the NHSmail gateway. On average, we stop about 500 million malicious events every three months.
There is still a lot more we can do to improve user experience and data security on the NHS’s communications systems. As part of our work to support the NHS Cyber Programme and deliver NHSX’s Tech Vision and Long-Term Plan, we will continue to work to improve cyber preparedness and capability while relieving pressure on local teams.
Related subjects
-
Sign in to your secure NHS email. NHSmail is a secure email service approved for sharing sensitive information.