Cyber and data security services and resources

Find out about the cyber and data security services available to the NHS and social care.

Help us to stay safe and secure

As part of our Keep I.T. Confidential campaign, we've highlighted some examples of cyber security threats that we all need to be aware of.

Multi-factor authentication (MFA) policy

This policy will ensure that MFA is used on digital systems throughout the health sector, with particular requirements on accounts that are remotely accessible or have privileged access to systems.

Top tips for staying cyber secure while you're on holiday

Find out how you can stay cyber secure when you're out of the office.

Data Security and Protection Toolkit

The Data Security and Protection Toolkit (DSPT) is an online self-assessment tool that all organisations must use if they have access to NHS patient data and systems.

Data Security and Protection Toolkit assessment guides

These 10 guides provide more information on the 10 data security standards, including suggestions and examples of how the standards might be achieved.

Monitoring services

We undertake a range of national and local monitoring services, designed to identify vulnerabilities, uncover suspicious behaviour and block malicious activity.

Guidance on keeping safe and secure whilst working from home

We've put together some simple security tips that will help to ensure our work and data remains effective and secure when working from home.

Respond to an NHS cyber alert (formerly CareCERT collect): GDPR information

Find out why and how we process your data, and your rights.

Guidance on phishing emails

Find out how you can stay safe and vigilant against phishing emails, including advice on how to spot a suspicious email and how to report it.

Cyber security guidance for healthcare professionals procuring and deploying connected medical devices

This guidance provides UK professional health providers with cyber security guidance for procuring and deploying Connected Medical Devices (CMDs).

Guidance on protecting against cyber attacks

We've published a range of guidance materials on protecting against a cyber security attack.

Guidance on protecting connected medical devices

Security incidents affecting connected medical devices can cause significant disruption to the delivery of healthcare services. Follow our guidance to minimise this risk.

Public Key Infrastructure (PKI) documentation

The documentation set is an essential component of any PKI and defines an agreed set of rules for the operation and management of the PKI.

NHS Public Key Infrastructure Root Certificate Authority information

Find information and guidance on NHS Public Key Infrastructure (PKI) Certificates.

Cyber security guide for NHS Non-Executive Directors: Balancing risk

This guide aims to help NHS Non-Executive Directors understand how cyber security could affect their own NHS organisation and how to become more resilient to cyber threats and attacks.

Backups and Office 365 guidance

An introduction for health and care organisations.

Cyber security strategy for health and adult social care to 2030

Find out about the joint NHS England and Department of Health and Social Care (DHSC) cyber security strategy for health and adult social care to 2030.