NHS Digital firmly intends to improve its cyber security, says NHS Digital Data Security Centre’s chief operating officer, Rob Shaw.
He said as part of his presentation at a recent Healthcare conference:
“We are not planning to do this alone, but will work closely with the National Cyber Security Centre (NCSC).”
Shaw said that healthcare is dealing with the same kind of cyber threats that other industries, are but has a second challenge of offering cyber security while maintaining patient care as the primary concern.
He said that the NHS Digital’s new approach is acknowledging that it is about maintaining data confidentiality, not technology.
Shaw said that changing attitudes around data protection is a key to this new approach and that leadership is required.
He added:
“We need a better culture [around cyber security] because it cannot just be something that is added on at the end.”
NHS Digital has established 10 standards to help implement cyber security in every part of the healthcare sector in the UK.
Shaw said:
“Although the amount of malicious traffic on the national NHS network (N3) is around the same level of other sectors of 0.3%, security and integrity of data in healthcare is absolutely critical.”
He said that, as in other sectors, spoofed emails are regularly used in targeting healthcare organisations, whereby an email was seemingly sent by someone regarding a relevant subject.
Shaw added:
“When he clicked on the email it appeared to fail to open, but he had compromised his machine, and it took two weeks before the compromise was detected.
“The healthcare sector needs to address these risks in order to change the culture to one that is more concerned with cyber security.”
Another challenge facing the sector is unsupported software, with Microsoft Windows XP being an example.
NHS Digital predicts XP accounts for more than one in seven Windows installations in the healthcare sector are XP. Shaw said that there is no quick fix to this.
NHS Digital knows the risks and has established a plan for making computers running XP more secure.
Shaw said that there remain a number of organisations in the sector that are not cyber savvy, and this is where NHS Digital comes in. It is also capable of offering support in the event of a breach.
He added that cyber threats are a common problem and when they do occur, how an organisation responds is important.
NHS Digital is setting a good example, and perhaps even demonstrating an effective framework for other sectors on how to approach cyber security. Cyber threats come in many forms, such as spoofing emails, as mentioned above, and target all sectors. Organisations and SMEs within those sectors need to come to the fore when it comes to combatting threats, whether regarding prevention or damage control. They need to create more IT security jobs in order possess the capabilities within to deal with any pending threats or the aftermath of an attack. Doing so would greatly improve their chances of surviving unscathed.
Send us your CV and have our recruiters match you to the ideal opportunities
Do you already have an account with us?
Log inWant to have an account with us?
RegisterWant to just send us your CV?
By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.