Respond to an NHS cyber alert (formerly CareCERT collect)
Summary
Cyber and data security services rely on collecting limited operational data to protect the health and care system. This includes internet protocol (IP) information for non-intrusive vulnerability scanning, user contact details for sharing IP scan results or other cyber issues, senior information risk owner (SIRO) details for escalation, and threat intelligence to prioritise support during incidents. The data also helps determine the scope of any cyber incident.
| Controller | NHS Digital |
| How we use the information (processing activities) | Provision of cyber and data security services to the health and care system. Data collection of internet protocol (IP) data to carry out non-intrusive vulnerability scanning, user details to contact them about the output of IP scanning or other cyber matters, senior information risk owner (SIRO) details to provide an escalation point when required, and intelligence on alerts to focus our limited resources on sites needing our support during a cyber incident. Data collected also helps us determine the scope of a cyber incident when it occurs. |
| Does this contain sensitive (special category) data such as health information? | No |
| Who are recipients of this data? | None |
| Is data transferred outside the UK? | No |
| How long the data is kept | 20 years after no longer required |
| Our lawful basis for holding this data | Public task |
| Your rights | |
| How can you withdraw your consent? | Consent is not the basis for processing |
| Is the data subject to decisions made solely by computers? (automated decision making) | No |
| Where does this data come from? | Networking device |
| The legal basis for collecting this data | Public task and Health and Social Care Act (2012) – Schedule 18, part 10 (1) |