Patients, service users and staff have a right to expect that information about them is held securely. HSCN customers have a duty under the law to protect information. Increasingly, information is at risk from malicious activity, such as hacking and computer viruses (often called malware). Protecting information held on computers is called cyber security.
HSCN will feature comprehensive security monitoring and analysis functionality, providing a central capability to detect irregular traffic volumes or flows, in near real time. HSCN consumers will benefit from this capability as potential problems can be detected and resolved promptly.
Whilst these capabilities undoubtedly enhance network security, like N3 previously, HSCN should not be considered a 'secure' network. All connected organisations must risk assess their use of the HSCN, and employ their own security controls to protect any data for which they are responsible. The HSCN will not automatically encrypt any data, or guarantee the security of data or communications by default.
So like N3 or the internet, HSCN is not suitable to exchange patient or sensitive data without additional security safeguards. Where patient or sensitive data needs to be exchanged it must be encrypted in transit. National applications like NHSmail and Spine do this by encrypting the communication between the application and end user device.
HSCN will improve the cyber capabilities of the network in a number of ways: