Skip to main content

Cyber Security Operations Centre (CSOC)

Cyber threats are relentless. But so are we.  

Learn how your organisation can take specific action to make use of CSOC’s support. You can also speak to your cyber regional lead.


Who are CSOC

CSOC is part of the central cyber security team for the NHS.

We protect healthcare systems from cyber attacks and monitor for new threats 24 hours a day.

CSOC is not a regulator. Instead, we act as an enabler, helping leaders and employees across the system to deliver better cyber security within their health and care organisations.

Our deep cyber expertise keeps healthcare systems available, and our team includes sophisticated analysts, threat-hunters and intelligence gatherers.

You’ll find us in the Cyber Operations function at NHS England.

You can read about the cyber security strategy for health and adult social care to 2030


Why we're here

Cyber crime threatens patient safety. It can be a matter of life or death.

That’s why our mission is to support healthcare and keep vital digital systems and services running.

We’re also here because central investment makes the best use of scarce NHS resources; leveraging centrally funded products and services releases local funding to be addressed to meet your other priorities.


We're here to help






Make use of CSOC’s support

1. Improve CSOC’s visibility of your organisation’s network

24 hours, 7 days of the week, 365 days of the year, CSOC monitors the NHS system for security incidents, using tools such as NHSmail, the Microsoft XDR suite including Microsoft Defender for Endpoints (MDE) Secure Boundary, The Health and Social Care Network (HSCN), and NHS England’s nationally hosted services.

As part of this work we monitor a range of feeds, triage alerts, collate intelligence, and raise incidents as needed.

Your organisation’s local deployment of Microsoft Defender for Endpoints (MDE) and Secure Boundary is key to this work and elevates the protection CSOC can offer.

These tools enhance the visibility CSOC needs to help protect your organisation locally as well as the NHS system as a whole.

By using NHSmail, your organisation benefits from the Microsoft XDR suite, where your Endpoints, Identity, Office 365 and email workloads are security monitored by CSOC.

Action for your organisation

Review your organisation’s use of our centrally funded security management products. More information about NHS Secure Boundary Microsoft Defender for Endpoint is available on our website. 
Or you can speak with your cyber regional lead.

2. Respond with our incident management specialists

CSOC provides support for organisations experiencing a cyber security incident.

We’ll lead the response, standing up a team of specialists including the impacted organisations, dedicated incident handlers, clinical leads, cyber regional leads, information governance, and communication specialists; while also coordinating with healthcare departments, Department of Health and Social Care (DHSC), NHS England, UK government and national agencies.

We may also deploy centrally funded NCSC Level 1 assured Cyber Incident Response (CIR) teams to major incidents. This support will be offered where appropriate during an incident.

Action for your organisation

  • report incidents directly to CSOC by phoning 0300 303 5222
  • develop a robust incident management plan so your organisation is always ready to respond. Speak with your cyber regional lead for support
3. Register for cyber alerts and threat intelligence

CSOC centrally injects intelligence feeds into our security tools, generated from commercial, curated open source, and our own bespoke threat intelligence insights. We also provide darknet and credential compromise monitoring.

We analyse a range of threat intelligence sources to identify new and developing threats, and use that intelligence to undertake threat hunting, develop detections and issue High Severity Alerts (HSAs).

Our dedicated threat hunting team investigate over 2000+ queries each day to safeguard healthcare and fortify our systems.

We also create custom detections and analytics honed specifically for threats targeting our healthcare systems and environments, ensuring tailored precision in our defence strategy.

Action for your organisation


Additional support available

NHS England offers a range of centrally funded products and services to support your cyber security strategy.

These services align to the Cyber Assurance Framework (CAF), and can help you achieve the standards set out in the Data Security and Protection Toolkit (DSPT).

Learn more on our website: Cyber and data security services and resources.

Or speak to your cyber regional lead.


Hear directly from CSOC

The Cyber Associates Network (CAN) is available to NHS and social care organisations. Among many benefits, the network offers opportunities to hear directly from CSOC about a wide range of cyber security topics and technical expertise.

Meet our team

A few of the experts working with CSOC. 

 

Last edited: 2 July 2024 8:27 am