Skip to main content

The importance of good cyber security during a pandemic

Toby Griffiths, Head of Innovation and Delivery for NHS Digital's Data Security Centre, discusses how we have tackled cyber security issues and how we are addressing 'security debt' brought about by the pandemic.

Healthcare remains a prime target to criminal gangs and hostile states, although attacks tend to be aimed at private health in other countries and not at the NHS. If the NHS is impacted by attacks, it tends to be as a victim of broader activity rather than a focused attack on UK healthcare.

Collage image of woman ensuring her device is protected from cyber security attacks.

The threats

During the pandemic there was a 44% rise in ransomware attacks across the health sector, while other sectors faced a 22% increase in attacks. Attacks on other sectors, however, still have the potential to inadvertently impact the NHS.

This in turn has obvious impacts to patient care and results in huge remediation and clean-up costs.

The Data Security Centre has worked very closely with NHSX and the NCSC to formalise a ‘Cyber COVID-19 response’ work plan to help support frontline organisations reduce risks to people, processes and technology.

We knew that some people experienced a transformative change as they moved to homeworking and that this could introduce new vulnerabilities. We ensured that one of our first priorities was to publish guidance on how to work from home securely, first internally to NHS Digital, then to the wider NHS.

Demand for our services increased and we had to adopt a flexible approach to  relieve frontline operational pressures and give those accountable for good cyber security within their organisation confidence and assurance that they had the right controls and processes in place.

The Tech Remediation Service

We established a Technical Remediation Service to provide frontline organisations with specialist support in identifying critical vulnerabilities in their technology and processes. We also worked closely with NHSX to ensure that organisations had access to funding to replace vulnerable or out-of-date technology.

We focused on ensuring organisations had the right processes and controls in place for backing up data. This is particularly important during a pandemic, as the increase in ransomware attacks can take systems offline.

We also used the Technical Remediation Service to offer more bespoke specialist support to meet individual organisations’ needs, where we already knew what their vulnerabilities were.

The Active Directory is often termed the 'keys to the kingdom' for an attacker.

The service is continuing this year as we still need to address the most serious challenges around backups and ensuring organisations have the right controls in place on their Active Directory, which is highly valuable.

The Active Directory enables administrators to manage permissions and access to network resources so if compromised, can be used to perform reconnaissance, escalate privileges and access data on an organisation’s infrastructure, which is why it is often termed the ‘keys to the kingdom’ for an attacker.

We have also strengthened our incident response service from the Security Operations Centre (SOC) to support organisations when they experience an incident to get back up and running as quickly as possible.

We saw a 147% increase in the number of external incidents supported over a comparative six month period from 2019 to 2020, and we were able to respond quickly to support these incidents when they occurred.

Setting up the Security Operations Centre for NHS Test & Trace

Behind the scenes, we supported NHS Test & Trace (T&T) by establishing a standalone Security Operations Centre (SOC) to provide dedicated threat intelligence and incident response.

We’re now in the process of transitioning this service into business-as-usual activity within our national SOC for healthcare. We also made sure our national SOC had visibility and monitoring on data feeds from critical national technology services, such as Covid App, DaSH (Data Science Hub), National Booking Service, and NHS App, enabling us to proactively detect threats and incidents.

Keeping the vaccine rollout safe

Our specialist security services team also provided security assurance on the technical infrastructure that supported the rollout of vaccinations to the general public. Compromise of these systems could have been catastrophic to the government’s rollout plan of vaccinations vital in the fight against COVID-19.

Security debt

As you might imagine, all of this was delivered at pace by a combination of teams from different organisations in the NHS, to try and stay ahead of the security risks that we saw increasing during the pandemic.

We are still working hard to address security debt, which resulted from cyber security concerns often taking a back seat in NHS organisations as they were faced with an exponential increase in patients needing care.

Security debt results in risks and vulnerabilities to the infrastructure that supports healthcare, and so as we emerge from the pandemic we need to remind people why good cyber security is so crucial to the effective running of a hospital or a trust.

Related subjects

John Noble, the non-executive director who leads on information and cyber security for the NHS Digital Board, looks at the cyber threat facing the NHS as it deals with the coronavirus (COVID-19) pandemic.


Last edited: 10 February 2022 9:33 am