We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Patients, service users and staff have a right to expect that information about them is held securely. HSCN customers have a duty under the law to protect information. Increasingly, information is at risk from malicious activity, such as hacking and computer viruses (often called malware). Protecting information held on computers is called cyber security.
HSCN features comprehensive security monitoring and analysis functionality, providing a central capability to detect irregular traffic volumes or flows, in near real time. HSCN consumers benefit from this capability as potential problems can be detected and resolved promptly.
Whilst these capabilities undoubtedly enhance network security, like N3 previously, HSCN should not be considered a 'secure' network. All connected organisations must risk assess their use of the HSCN, and employ their own security controls to protect any data for which they are responsible. The HSCN will not automatically encrypt any data, or guarantee the security of data or communications by default.
So like N3 or the internet, HSCN is not suitable to exchange patient or sensitive data without additional security safeguards. Where patient or sensitive data needs to be exchanged it must be encrypted in transit. National applications like NHSmail and Spine do this by encrypting the communication between the application and end user device.
HSCN improves the cyber capabilities of the network in a number of ways: