Improving cyber security

Patients, service users and staff have a right to expect that information about them is held securely. HSCN customers have a duty under the law to protect information. Increasingly, information is at risk from malicious activity, such as hacking and computer viruses (often called malware). Protecting information held on computers is called cyber security.

HSCN features comprehensive security monitoring and analysis functionality, providing a central capability to detect irregular traffic volumes or flows, in near real time. HSCN consumers benefit from this capability as potential problems can be detected and resolved promptly.

Whilst these capabilities undoubtedly enhance network security, like N3 previously, HSCN should not be considered a 'secure' network. All connected organisations must risk assess their use of the HSCN, and employ their own security controls to protect any data for which they are responsible. The HSCN will not automatically encrypt any data, or guarantee the security of data or communications by default.

So like N3 or the internet, HSCN is not suitable to exchange patient or sensitive data without additional security safeguards. Where patient or sensitive data needs to be exchanged it must be encrypted in transit. National applications like NHSmail and Spine do this by encrypting the communication between the application and end user device.

HSCN improves the cyber capabilities of the network in a number of ways:

In HSCN, instead of having a single connection to the internet, organisations will connect via one of a number of HSCN Consumer Network Service Providers (CN-SPs) who all provide internet connectivity. As a result they will be able to obtain faster and cheaper internet connectivity via their CN-SP and avoid the need to obtain additional local internet connectivity that is less secure or less monitored.

NHS Secure Boundary provides a security solution which offers protection against the most sophisticated network security threats for NHS organisations. This solution is part of a larger programme of work being delivered by NHS Digital’s Data Security Centre (DSC) to ensure the confidentiality, integrity, and availability of patient data, as well as protecting clinical and business systems from emerging threats.

NHS Secure Boundary uses next generation firewall (NGFW) and web application firewall (WAF) protection to protect internet traffic from digital and cloud-based threats. 

1. The HSCN Network Analytics Service (NAS) monitors the heartbeat of HSCN and identifies any new or anomalous behaviour on any part of HSCN.
2. It takes real-time feeds from HSCN connections, the NHS Secure Boundary service and the Domain Naming Servers (DNS), proactively looking for anomalous behaviour. Any anomalous behaviour is alerted to the NHS Digital cyber security team who can investigate further.
3. NAS was specifically designed to counter the rising threat from encrypted traffic. It focuses on the source, destination and type of traffic, instead of relying on being able to read the content of the traffic. The NAS service will also benefit from early warning information from sources such as National Cyber Security Centre (NCSC).

The HSCN DNS will interface with the DNS being provided by the NCSC, which will block bad websites in real-time, preventing people going to them in the first place.

1. NHS Digital's Data Security Centre  will contact HSCN customers about malicious activity and malware that HSCN identifies. The aim is to help resolve the cyber security incidents and where needed help the HSCN customer to prevent further incidents.
2. These measures will provide some security against malware and other malicious content. This will help to secure data, but they are not substitutes for good cyber security practices at HSCN customers. The UK's NCSC and Data Security Centre will provide quality and accessible information about cyber good practice to HSCN customers. This will help reduce the likelihood of a cyber incident affecting HSCN customers in a way that is right for the individual HSCN customer. It will be an important part in helping everyone meet the patient, service user and staff expectation that information about them is safe.