Skip to main content
Creating a new NHS England: Health Education England, NHS Digital and NHS England have merged. More about the merger.

Cyber security is a patient safety issue

Cyber security is more than ‘just an IT issue’; it’s ultimately about keeping patients safe.  Chris Day, Cyber Clinical Informatics Manager, discusses his role in embedding clinical safety deeper into our cyber security strategies. 

A quick internet search reveals a myriad of examples of the damage caused when cyber security is breached in healthcare organisations.  These examples may seem like the far-away plot of a Bond movie - after all, who’d want to interfere with patient care? Sadly, in today’s digital world, cyber threat is a very clear and present danger.   

Chris Day sits at a table in the Leeds office with data charts on a screen

Whatever the motive for cyber attacks – money, politics, a grudge or simply to see if it’s possible – damage to patient care is the ultimate consequence. They block access or release sensitive patient information, causing confusion, distress, and uncertainty. Ultimately, this leads to delayed treatment and errors within patient care.  

With digital ways of working making huge strides across healthcare, we need to make sure we’re balancing the benefits of the digital revolution with robust cyber security measures that have clinical safety at heart.  

That’s where my role comes in. 

Championing a clinical view of cyber security 

A physiotherapist by clinical background since 2009, I moved to an IT clinical change management role in 2018. Since qualifying, I have worked for various acute and community trusts across the UK.  

Primarily, my work has involved supporting trusts to implement new systems, services and ways of working that help improve patient care, such as implementing an Electronic Patient Record (EPR) system. 

In August 2022, I moved to NHS Digital to look at how we can embed clinical safety deeper into every aspect of our cyber security strategy.  

Ensuring an overarching presence 

Our approach is twofold: making sure our defences are as robust as possible so that cyber attacks are difficult to carry out, and making plans to efficiently resolve the clinical impact if something does happen.  

Over the next 12 months, we’ll be homing in on the link between cyber and clinical safety while increasing cultural awareness of the clinical implications of cyber within NHS Digital, the new NHS England and the wider healthcare system.  

Initially, we're looking inwards by reviewing our cyber directorate’s business plan, ensuring clinical safety has an overarching presence. We then want to share this as an example of best practice to show trusts and other healthcare teams how cyber security and clinical safety can work together.  

To make this happen, I’m working with various people across NHS Digital, NHS England, the Department of Health and Social Care and beyond - including safety engineers in our Clinical Safety Team, our Chief Medical Officer, the Associate Director for Cyber Security, delivery leads, and many more colleagues in lots of different areas.   

Simplifying cyber security 

A key part of our work is going to be raising awareness - particularly among clinical colleagues - of the critical link between cyber and patient safety. We also need to ensure information is available in ways people can use. Often, my healthcare colleagues are simply unsure where accurate information is available and don't have time to search for it. 

Our initial plans to help raise awareness and keep colleagues up-to-date include digital training packages that can be completed on smartphones, buddy arrangements between IT experts and healthcare teams, embedding cyber security in clinical job role training, and finding more ways to make cyber security information easy to digest and readily available.  

But we want to do more than just provide information to promote change. We need to enable our workforce to assist in the fight against cyber threats, reassuring them that they’re working in cyber-safe ways and giving them the confidence to speak up if they encounter suspicious activity. 

It’s increasingly important for us to look beyond the technical elements of cyber security.  

A lot of this comes down to habit – regularly washing our hands, for example, is something clinical teams do without thinking much about it. Cyber security measures also need to become second nature. Remembering to lock computer screens, being aware of the latest tactics from cyber criminals and how to combat them and knowing how to report suspicious activity are a few examples of small steps that can make a huge difference. 

Central monitoring of the vast IT infrastructure across health and care and advising on the safest software will always be a huge part of our cyber security strategy. But it’s increasingly important for us to look beyond the technical elements of cyber security.  

We will all need to work together to combat the ongoing danger of cyber threats. That’s why, alongside our robust and ever-evolving technical security, we’re focusing on how the fantastic people within healthcare will always be our first line of defence.  

October is Cyber Security Awareness Month, providing a great opportunity to refresh our understanding of cyber security and what it means to all of us.  

Take a look at everything we’re sharing over the month and how you can get more involved in our ongoing cyber conversations.

Related subjects

We protect our NHS and care organisations from cyber attacks and we monitor for new threats 24 hours a day. Our teams support organisations across the NHS with advice, assessments, and training.
Toby Griffiths, Head of Innovation and Delivery for NHS Digital's Data Security Centre, discusses how we have tackled cyber security issues and how we are addressing 'security debt' brought about by the pandemic.


Last edited: 29 November 2023 12:41 pm