Cyber News Brief
The WannaCry cyber incident was a global attack on an unprecedented scale. While it was not directly targeted at the NHS it had a major impact on health and care.
We send out threat intelligence, remediation patches and updates that are released by suppliers on a regular basis, ranging from minor functionality changes to more fundamental security fixes. A security patch was sent out in March 2017 as part of Microsoft’s general monthly update.
In April, we received intelligence making the link between a specific threat and the vulnerabilities the Microsoft patch addressed. We sent a bulletin via the CareCERT service (which organisations are encouraged to register for) to more than 10,000 security and IT professionals and managers with responsibility for local systems, to alert them to this specific issue.
Since the WannaCry incident occurred, there has been a collective focus across the NHS on strengthening resilience against cyber-attacks. We have taken the lessons learned from WannaCry and the feedback from frontline organisations to focus on improving speed of response, resilience, communication and knowledge in the event of a cyber-attack.
Progress has been made towards many of the recommendations from the reviews into WannaCry, and we will continue to work with our partners to implement them and support health and care providers.
About the Data Security Centre (DSC)
The NHS Digital Data Security Centre provides services to help predict, prevent, detect and respond to cyber incidents, threats and vulnerabilities, enabling organisations to use data and technology in a secure way to deliver safe and improved patient outcomes. Local organisations are accountable for their own cyber security and all staff have a part to play.
Support for the NHS
Weekly threat intelligence bulletins and alerts are sent to all of health and care identifying new and emerging threats, offering mitigation and remediation advice. We have introduced SMS alerting which is used to inform contacts that a major incident has been raised, and to signpost to the latest information and guidance on our website relating to the incident.
NHS Digital has carried out over 260 on-site assessments identifying problems in local infrastructure, which are followed up with on-site support to help fix any identified issues.
We are expanding our capability and capacity to support local organisations by launching an enhanced Security Operations Centre. This will deliver new security services to the system and significantly increase our ability to monitor local networks, providing health and care organisations with near-real-time threat intelligence on their infrastructure and reducing local monitoring costs. The new SOC will enhance existing services as well as introducing the ability to proactively hunt for threats, perform regular vulnerability assessments across the sector and analyse examples of malware to help better protect all organisations.
A Customer Support Agreement (CSA) with Microsoft was signed in July 2017 to provide security updates to unsupported operating systems and to launch Enterprise Threat Detection (ETD) to over 250,000 machines in the NHS, alerting them when an infection is identified.
NHS Digital and Health Education England e-Learning for Healthcare have developed data security e-learning which ensures staff across health and care are equipped to handle information respectfully and safely. This ensures they understand their responsibilities in handling information responsibly and processing it securely. 95% of staff have to undertake the mandatory training requiring an 80% pass mark.
The Data Security Centre has also published a knowledge repository with best practice, policies and guidance.
Microsoft Windows operating system licences with Advanced Threat Protection
The Department of Health and Social Care has announced a new centralised Windows 10 agreement which offers local organisations Microsoft Windows operating system licences, including Windows Defender Advanced Threat Protection (ATP). This is free of charge to local NHS organisations who agree to implement the ATP facility.
The contract will run for five years until 2023.
The ATP facility gives local organisations better cyber security protection. It is also linked into the NHS Digital Data Security Centre (DSC), which improves cyber security protection for local health and care communities, and the NHS as a whole.
Prior to the WannaCry incident, we had been working proactively to support trusts with their cyber security. The DSC has been inviting organisations from across health and care to participate in a free cyber security assessment to give their organisations an understanding of local vulnerabilities and potential security risks, and an action plan to help them reduce those threats.
We had conducted 113 assessments. This figure is now over 260.
To support Boards and leadership teams across the NHS to enhance their data security, we have been working with CQC to develop its key lines of enquiry on Data Security as part of their well-led inspections. We have aligned this to the Data Security and Protection Toolkit to ensure organisations review their position against a single set of requirements.
Data Security Protection Toolkit (DSPT)
The Information Governance Toolkit has been replaced by a new Data Security Protection Toolkit (DSPT) which launched in April 2018. Completion of the DSPT is mandatory for all NHS organisations. The toolkit has been designed to be easier to use, with a simpler format, in response to feedback from a wide range of users. It supports health and social care organisations to meet the requirements of the General Data Protection Regulation (GDPR), which comes into effect in May 2018.
For more information, and to access the Data Security and Protection Toolkit, go to: https://www.digital.nhs.uk/data-security-protection-toolkit
During high severity security incidents, we can send alerts and updates by using short message service (SMS) alerts, following a successful pilot. Contacts in Acute, Ambulance and Mental Health Trusts, Clinical Commissioning Groups and Commissioning Support Units can receive the alerts through this additional channel.
SMS will be used to highlight a security incident and signpost colleagues to the latest information from the DSC’s specialist team, who work closely with the National Cyber Security Centre (NCSC) during major incidents to analyse multiple intelligence sources and ensure that users are provided with expert guidance. The alerts are sent using the free government alert service, GOV.UK Notify.
The team is working with the National Cyber Security Centre (NCSC) to establish a collaboration forum of IT and security professionals in health and care who could share invaluable insights during a cyber-attack in a secure online environment. In the event of a large-scale incident, representatives from affected organisations can be invited to a closed group to discuss their situation in a private and secure setting, with the ability to receive intelligence that could not be openly shared.
Find out More
There have been three significant government reviews of WannaCry and the impact on the NHS:
- The National Audit Office (NAO) independent investigation into the WannaCry cyber incident on 12 May 2017.
- The Department of Health and Social Care’s Data Security Leadership Board commissioned the Chief Information Officer for the health and social care system in England, Will Smart, to carry out a review of May 2017’s WannaCry cyber-attack.
- A hearing by the Public Accounts Committee on the impact of WannaCry and response by the health and care system.