
Help us to stay safe and secure

As part of our Keep I.T. Confidential campaign, we've highlighted some examples of cyber security threats that we all need to be aware of.

These common cyber security threats are a risk to the NHS. Understanding them and knowing what to do to lower risks can help to prevent them.


Ransomware

Ransomware is a growing threat across the health and care system and is one of the biggest cyber threats facing the UK today. 

It has affected public services, critical infrastructure, and businesses around the world. It can also have a direct impact on patient safety and care.

Our video explains how ransomware could affect you and your organisation: 

Follow our top tips to help protect you from ransomware:

Read our feature about how ransomware can affect organisations and what is being done to combat it:


Be aware of what you share

Sharing NHS information in public spaces or on social platforms puts patient data at risk. Criminals are watching and listening for any details that could help them gain access to NHS data or buildings.

In our ‘Be aware’ video we explain the risks and how you can help to keep information secure:

Be aware of what you share video transcript

NHS data is valuable to criminals.

They are watching and listening for any details that could help them access it which puts our patients’ confidentiality at risk.

So, in public spaces or on social platforms be aware of what you share. 

Don’t share or wear your NHS pass out in public or display it on social media where it can be copied or used to get access to NHS data or buildings.

Avoid discussing any sensitive information in public places. 

And, cover your computer screen if working with any NHS information or data in public spaces.

Be aware with who, what and where you share. 

From offline to online, keep I.T. confidential.


Data

NHS data is valuable to criminals. They can try to sell it or use it fraudulently.

Data breaches can also lead to fines, disruption to services and reputational damage. 

Make sure you understand and follow the latest guidance around data sharing and keep up to date with your training.

Learn how you can help to keep data safe and secure:

Data video transcript

NHS data is valuable to criminals. 

They can try to sell it or use it fraudulently.

Keep up-to-date with your organisation's data protection policy.

And keep up-to-date with your mandatory training, such as Data Security Awareness training.

Report incidents, queries or challenges.

Together we can protect NHS data.

From offline to online, keep I.T. confidential.
 


Weak passwords

One of the easiest ways to protect yourself from cyber threats is by having strong and varied passwords. They are the best form of defence we have to prevent unauthorised access, so make sure you keep them private and out of sight of others.

Weak passwords risk breaches in patient confidentiality. The longer and more complex your password, the more difficult it is to crack.

The National Cyber Security Centre have published guidance about how we can approach passwords and explain how ‘3 random words’ can help to keep criminals out.


Phishing

Phishing is when hackers and criminals attempt to trick users into doing ‘the wrong thing’ such as clicking a link or attachment that will download malware (malicious software) or take them to a malicious website. 

Phishing mainly describes attacks that arrive via email. It can trick people into providing access to information, such as patient data, health care records or details of IT systems.

Phishing can hit any person in any organisation. 

Our video talks about staying safe and vigilant against phishing emails:

Phishing video transcript

Phishing is when hackers and criminals send unsolicited emails to trick people into providing access to information.

They may contain harmful attachments or links.

Here are some top tips to avoid phishing.

Tip one. Check the sender's email address to see if it looks legitimate.

Tip two. Check the email for spelling mistakes, poor grammar, and suspicious domain names.

Tip three. Don't click links or attachments from senders you don't recognise. 

Tip four. Don't provide sensitive personal info like usernames and passwords over email. 

Tip five. Send any suspicious emails as an attachment to [email protected] then delete it. 

You can also use the ‘report phishing’ button in Outlook. 

Tip six. If in doubt, seek advice from your local ICT team. 

From offline to online, keep I.T. confidential.


Tailgating

Tailgating is when unauthorised people gain entry to a building by following a staff member through physical security facilities, such as doors, barriers and gates, to avoid detection.

By letting people follow you, or swiping in unauthorised people, you could risk someone gaining access to and stealing patient data.

Don’t let unauthorised people follow you into restricted areas.

Our video explains why it is important to prevent tailgating and what you can do about it:

Tailgating video transcript

Tailgating is when unauthorised people gain entry to protected areas by following a staff member through physical security barriers like doors and gates. 

Letting unauthorised people in could lead to them taking patient data or accessing systems.

Here are some top tips to stop tailgating. 

Tip one. Query the status of strangers, if it's safe to do so, especially if they try to follow you into staff areas. 

Tip two. Wear your building pass or ID if issued and ensure it is visible. 

Tip three. Challenge anyone who doesn't display a visible ID badge, if it's safe to do so. 

Tip four. Make sure you shut or lock doors and cabinets, where necessary.

Tip five. Maintain a clear desk policy when away from your work station. 

Tip six. Know who to tell if you see anything suspicious or worrying. 

From offline to online, keep I.T. confidential.
 


Unlocked screens

Unlocked screens are an open invitation to patient data theft.

Locking screens and logging out of systems helps to prevent unauthorised people from accessing sensitive or confidential information.

Keep your screens and devices locked when they’re not in use.


Social engineering

Social engineering involves criminals using tricks or deception to manipulate people into giving access to information such as patient data, health care records or details of IT systems.

A social engineer might call and pretend to be a fellow employee, ask you to hold the door for them, or pose as a friend on social media channels.

Challenge everyone who is unauthorised before giving out information or giving them access to secure areas.

Our video explains how being aware of social engineering tricks can help to keep NHS data secure:

Social engineering video transcript

Social engineering is when criminals use tricks or deception to manipulate people into giving them access to data or systems.

Giving unauthorised or suspicious people access to information or places could risk someone swiping patient data.

A social engineer might use the following tactics:

call and pretend to be a fellow employee, ask you to hold the door for them, or pose as a 'friend' on social media.

Criminals will often research the target organisation to appear legitimate. 

Here are some top tips to stop social engineering. 

Tip one. If a web browser states that you are about to enter an untrusted site, be very careful.

It could be a fake phishing website that has been made to look genuine. 

Tip two. If you see a red padlock or a warning message stating your connection is not private, be careful.

Tip three. Never give your login details to anyone. Your ICT department will never ask you to disclose your password. 

Tip four. Be cautious with sharing information about your work on social media sites, especially on your personal accounts.

Tip five. If in doubt, please seek advice from your local ICT team. 

From offline to online, keep I.T. confidential.


Messy files

Disorganised filing can lead to costly mistakes that can jeopardise patient confidentiality and legal compliance. 

Always keep files organised, up to date and secure. 

Our video explains how messy files can risk patient confidentiality:

Messy files video transcript

NHS patient data is valuable.

Disorganised filing and mistakes risk patient confidentiality and legal compliance.

Keep files organised, up to date and secure.

Use encryption, password protection, and secure data transfer.

Use appropriate naming conventions, protective security markings, and version control.

Comply with records management policy and retention schedule.

Follow your organisation's policy, procedures and training.

And know your responsibilities under General Data Protection Regulation and Freedom of Information Act UK. 

Together we can protect NHS data.

From offline to online, keep I.T. confidential.


Run your own cyber security campaign

You can help to reduce cyber security risks by running your own campaign using our Keep I.T. Confidential campaign resources.

There are 2 versions of our Keep I.T. Confidential toolkit: one for health and one for adult social care to use.

You just need to download the campaign resources to get started:


Contact us

Contact us at [email protected] to find out more about the campaign and the resources available.

Last edited: 20 September 2024 10:38 am