Skip to main content

Help us to stay safe and secure

As part of our Keep I.T. Confidential campaign, we've highlighted some examples of cyber security threats that we all need to be aware of.

These common cyber security threats are a risk to the NHS. Understanding them and knowing what to do to lower risks can help to prevent them.


Ransomware is a growing threat across the health and care system and is one of the biggest cyber threats facing the UK today. 

It has affected public services, critical infrastructure, and business around the world. It can also have a direct impact on patient safety and care. 

Our video explains how ransomware could affect you and your organisation: 

Follow our top tips to help protect you from ransomware:

Read our feature about how ransomware can affect organisations and what is being done to combat it:

Be aware of what you share

Sharing NHS information in public spaces or on social platforms puts patient data at risk. Criminals are watching and listening for any details that could help them gain access to NHS data or buildings.

In our ‘Be aware’ video we explain the risks and how you can help to keep information secure:


NHS data is valuable to criminals. They can try to sell it or use it fraudulently.

Data breaches can also lead to fines, disruption to services and reputational damage. 

Make sure you understand and follow the latest guidance around data sharing and keep up to date with your training.

Learn how you can help to keep data safe and secure:

Weak passwords

One of the easiest ways to protect yourself from cyber threats is by having a strong and varied password. They are the best form of defence we have to prevent unauthorised access, so make sure you keep them private and out of sight of others.

Weak passwords risk breaches in patient confidentiality. The longer and more complex your password, the more difficult it is to crack.

The National Cyber Security Centre have published guidance about how we can approach passwords and explain how ‘3 random words’ can help to keep criminals out.


Phishing is when hackers and criminals attempt to trick users into doing ‘the wrong thing’ such as clicking a link or attachment that will download malware (malicious software) or take them to a malicious website. 

Phishing mainly describes attacks that arrive via email. It can trick people into providing access to information, such as patient data, health care records or details of IT systems.

Phishing can hit any person in any organisation. 

Our video talks about staying safe and vigilant against phishing emails:


Tailgating is when unauthorised people gain entry to a building by following a staff member through physical security facilities, such as doors, barriers and gates, to avoid detection.

By letting people follow you, or swiping in unauthorised people, you could risk someone gaining access to and stealing patient data.

Don’t let unauthorised people follow you into restricted areas.

Our video explains why it is important to prevent tailgating and what you can do about it:

Unlocked screens

Unlocked screens are an open invitation to patient data theft.

Locking screens and logging out of systems helps to prevent unauthorised people from accessing sensitive or confidential information.

Keep your screens and devices locked with they’re not in use.

Social engineering

Social engineering involves criminals using tricks or deception to manipulate people into giving access to information such as patient data, health care records or details of IT systems.

A social engineer might call and pretend to be a fellow employee, ask you to hold the door for them, or pose as a friend on social media channels.

Challenge everyone who is unauthorised before giving out information or giving them access to secure areas.

Our video explains how being aware of social engineering tricks can help to keep NHS data secure:

Messy files

Disorganised filing can lead to costly mistakes that can jeopardise patient confidentiality and legal compliance. 

Always keep files organised, up to date and secure. 

Our video explains how messy files can risk patient confidentiality:

Run your own cyber security campaign

You can help to reduce cyber security risks by running your own campaign using our Keep I.T. Confidential campaign resources.

There are 2 versions of our Keep I.T. Confidential toolkit. One for health and one for adult social care to use. 

You just need to download the campaign resources to get started:

Contact us

Contact us to find out more about the campaign and the resources available.

Last edited: 28 September 2023 3:45 pm