We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
23 November 2017
NHS Digital has established an additional effective system to deliver essential cyber security updates across the whole NHS.
During major security incidents, we can now send Data Security alerts and updates by using short message service (SMS) alerts, following a successful pilot. Contacts in Acute, Ambulance and Mental Health Trusts, Clinical Commissioning Groups and Commissioning Support Units can receive the alerts through this additional channel.
SMS will be used to issue an alert to highlight a high severity security incident, followed by another which signposts colleagues to NHS Digital's external website for the latest information from the Data Security's specialist team. The Data Security centre works closely with the National Cyber Security Centre (NCSC) during major incidents and analyses multiple intelligence sources to ensure that users are provided with expert guidance.
The alerts are sent using the free government alert service, GOV.UK Notify. Messages can be sent to NHS organisations across the country without the need for NHS Mail or any other national applications.
The team is also working with the National Cyber Security Centre (NCSC) to establish a professional network of IT and security professionals in health and care who could share invaluable insights during a cyber-attack in a secure online environment. .
The pilot uses the NCSC Cyber Security Information Sharing Partnership (CiSP) forum, which is already used to discuss local challenges, recommendations and good practice but has the added benefit of being able to add private groups. In the event of a large-scale incident, representatives from affected organisations can be invited to a closed group to discuss their situation in a private and secure setting, with the ability to receive intelligence that could not be openly shared.
Toby Griffiths, Innovation & Development Lead at the Data Security Centre, said: "Finding a secure way to communicate nationally with NHS organisations during a major incident was a priority for us following the WannaCry incident in May.
"SMS was identified as an appropriate solution following feedback from users affected by WannaCry, as it offers an additional level of resilience beyond the standard channels used for sharing Data Security Centre's updates. We want to take that a step further by building a professional network across the NHS through online collaboration. The NCSC forum allows us to share information securely that we might not otherwise be able to share.
"The Data Security Centre is the official source of advice, guidance and national incident response for data security in health and care. Strengthening our communications in this way will ensure that key contacts are receiving critical updates during major incidents, especially when they might not have access to their email or work computer."
Any organisation not already signed up through the Data Security Centre should request sign-up by emailing email@example.com
Follow us on Twitter: @NHSDigital
1. NHS Digital is the national information and technology partner of the health and care system. Our team of information analysis, technology and project management experts create, deliver and manage the crucial digital systems, services, products and standards upon which health and care professionals depend. During the 2016/17 financial year, NHS Digital published 292 statistical reports. Our vision is to harness the power of information and technology to make health and care better.