It is quite simple: we now rely on healthcare technology to provide safe patient care. Cyber attacks can compromise access to this technology. Therefore, cyber security and clinical safety go hand in hand.

While the whole of health and social care is progressively exploring the benefits of digital ways of working, the NHS in particular cannot work without digital. Everything we do involves a digital transaction of one sort or another, which means that the impact of a healthcare system not being available for even an hour puts our systems, staff and patients at risk.

It is no secret that our health and care system is under a lot of pressure. If we’re not investing time and funding in creating diligent cyber security measures, we risk those precious resources being diverted into fixing issues that could have been prevented.

A vital part of this is educating staff in staying cyber safe; every member of staff is equally important. Just a few of us understanding cyber security isn’t enough; cyber security habits need to become second nature to us all – and not just in Cyber Security Awareness Month.

Here are some thoughts on how we need to talk about cyber security to achieve this:

We know that, just like health and safety, every one of us has a responsibility for cyber security – no matter what role, department or organisation we’re in. Trees grow from little seeds, and it's all the seemingly ‘small’ things working collectively as one that makes the largest difference. So, one of the best ways to support our busy healthcare professionals in meeting their responsibilities is to talk about cyber security simply, regularly and often, embedding these discussions into our everyday lives. NHS Digital has a useful toolkit to help us take small steps to protect ourselves from cyber threats and keep patient data safe and accessible.

The good news is that many of the cyber security habits that protect our healthcare environments are just as relevant to our personal lives. That means engaging our people with ways to keep them and their loved ones safe at home can pay dividends in the workplace. For example, it’s easy to see how learning to keep your smartphone cyber safe would be useful, and the habits we build from this learning will naturally transfer to the work environment.

Knowing enough to recognise suspicious activity is just one side of the coin; we also need to know how to report anything that doesn’t look right, no matter how ‘minor’ the activity may seem. Suspicious emails, for example: taking a few moments to report one may save thousands of colleagues from falling victim to it. Regular reminders on the correct reporting routes are imperative; as well as the national channels, NHS organisations are asked to report suspicious activity to [email protected] and for social care staff, it's [email protected]. 

In healthcare, we don’t just want to get things right most of the time; we want to get things right every time. Of course, we’re all human, and, if we do get something wrong – for example, mistakenly responding to a phishing email – it is just as vital to report it as with a clinical error. People must feel safe to speak up so issues can be fixed. The balance between emphasising the importance of individual responsibilities and avoiding a blame culture can be tricky but it is essential we get it right.

At NHS Digital, my team and I are continually working with our cyber and data security experts to ensure clinical safety has an overarching presence in the national effort to protect our NHS and care organisations from cyber attacks. But everybody across the healthcare system – nationally, locally and individually – must work together if we are going to effectively meet this ongoing challenge. We have many resources to help.