Skip to main content
Threat advice and intelligence

We issue cyber security threat notifications to health and care organisations, ranging from weekly threat bulletins to immediate high-severity alerts.

Threat intelligence bulletins and alerts

Threat intelligence bulletins are issued to users registered on the respond to an NHS cyber alert service in real time when a threat is assessed as high-severity, or weekly via email to anyone registered to receive the cyber alert bulletin.

Additionally, we provide specific, local threat alerts to individual organisations based on information identified via monitoring and threat protection services.


RSS Feed

To keep updated on new cyber alerts subscribe to our cyber alerts RSS feed.

Every low, medium and high severity cyber alert that we publish will be included in this feed.

RSS URI: https://digital.nhs.uk/feed/cyber-alerts-feed.xml

Guidance on subscribing to the feed

There are multiple ways to subscribe, but to help you we have provided some common methods here with links to relevant guidance:


Compromised credentials alerts

We proactively monitor the dark web, looking for potential breaches of NHS email addresses and other personal information. 

When these credentials have been compromised, they are reported to specific organisations to take action.


SMS alerts

In the event of a cyber security incident we can use SMS (text) messaging to provide information and updates to health and care leaders. Messages direct individuals to the very latest guidance and advice.


Contact us

To report an urgent cyber security issue, call 0300 303 5222 or email: carecert@nhsdigital.nhs.uk

For general queries, to sign-up to any of our services or to give us feedback, telephone: 0300 303 5222 or email: cybersecurity@nhs.net

Last edited: 4 August 2021 2:42 pm