Cyber News Brief
The WannaCry cyber incident was a global attack on an unprecedented scale. While it was not directly targeted at the NHS it had a major impact on health and care.
We send out threat intelligence, remediation patches and updates that are released by suppliers on a regular basis, ranging from minor functionality changes to more fundamental security fixes. A security patch was sent out in March 2017 as part of Microsoft’s general monthly update.
In April, we received intelligence, making the link between a specific threat and the vulnerabilities the Microsoft patch addressed. We sent a bulletin via the CareCERT service (which organisations are encouraged to register to) to more than 10,000 security and IT professionals and managers with responsibility for local systems, to alert them to this specific issue.
Since the WannaCry incident occured, there has been a collective focus across the NHS on strengthening resilience against cyber-attacks. We have taken the lessons learned from WannaCry and the feedback from frontline organisations to focus on improving speed of response, resilience, communication and knowledge in the event of a cyber-attack.
Progress has been made towards many of the recommendations from the reviews into WannaCry, and we will continue to work with our partners to implement them and support health and care providers.
About the Data Security Centre (DSC)
The NHS Digital Data Security Centre provides services to help predict, prevent, detect and respond to cyber incidents, threats and vulnerabilities, enabling organisations to use data and technology in a secure way to deliver safe and improved patient outcomes. Local organisations are accountable for their own cyber security and all staff have a part to play.
Support for the NHS
Weekly threat intelligence bulletins and alerts are sent to all of health and care identifying new and emerging threats, offering mitigation and remediation advice. We have introduced SMS alerting which is used to inform contacts that a major incident has been raised, and to signpost to the latest information and guidance on our website relating to the incident.
NHS Digital has carried out over 260 on site assessments identifying problems in local infrastructure which is followed up with on-site support to help fix any identified issues.
We are expanding our capability and capacity to support local organisations by launching an enhanced Security Operations Centre. This will deliver new security services to the system and significantly increase our ability to monitor local networks, providing health and care organisations with near-real-time threat intelligence on their infrastructure and reducing local monitoring costs. The new SOC will enhance existing services and as well as introducing the ability to proactively hunt for threats, perform regular vulnerability assessments across the sector and analyse examples of malware to help better protect all organisations.
A Customer Support Agreement (CSA) with Microsoft was signed in July 2017 to provide security updates to unsupported operating systems and launching Enterprise Threat Detection (ETD) to over 250,000 machines in the NHS, alerting them when an infection is identified.
NHS Digital and Health Education England e-Learning for Healthcare have developed data security e-learning which ensures staff across health and care are equipped to handle information respectfully and safely. This ensures they understand their responsibilities in handling information responsibly and processing it securely. 95% of staff have to undertake the mandatory training requiring an 80% pass mark.
The Data Security Centre also has published a knowledge repository with best practice, policies and guidance.
Microsoft Windows operating system licences with Advanced Threat Protection
The Department of Health and Social Care has announced a new centralised Windows 10 agreement which offers local organisations Microsoft Windows operating system licences, including Windows Defender Advanced Threat Protection (ATP). This is free of charge to local NHS organisations who agree to implement the ATP facility.
The contract will run for five years until 2023.
The ATP facility gives local organisations better cyber security protection. It is also linked into the NHS Digital Data Security Centre (DSC), which improves cyber security protection for local health and care communities, and the NHS as a whole.
Prior to the WannaCry incident, we had been working proactively to support trusts with their cyber security. The DSC has been inviting organisations from across health and care to participate in a free cyber security assessment to give their organisations an understanding of local vulnerabilities and potential security risks, and an action plan to help them reduce those threats.
We had conducted 113 assessments. This figure is now over 260.
To support Boards and leadership teams across the NHS to enhance their data security, we have been working with CQC to develop its key lines of enquiry on Data Security as part of their well-led inspections. We have aligned this to the Data Security and Protection Toolkit to ensure organisations review their position against a single set of requirements.
Data Security Protection Toolkit (DSPT)
The Information Governance Toolkit has been replaced by a new Data Security Protection Toolkit (DSPT) which launched in April 2018. Completion of the DSPT is mandatory for all NHS organisations. The toolkit has been designed to be easier to use and with a simpler format, in response to feedback from a wide range of users. It supports health and social care organisations to meet the requirements of the General Data Protection Regulation (GDPR), which comes into effect in May 2018.
For more information, and to access the Data Security and Protection Toolkit, go to: https://www.digital.nhs.uk/data-security-protection-toolkit
During high severity security incidents, we can send alerts and updates by using short message service (SMS) alerts, following a successful pilot. Contacts in Acute, Ambulance and Mental Health Trusts, Clinical Commissioning Groups and Commissioning Support Units can receive the alerts through this additional channel.
SMS will be used to highlight a security incident and signpost colleagues to the latest information from the DSC’s specialist team, who work closely with the National Cyber Security Centre (NCSC) during major incidents to analyse multiple intelligence sources and ensure that users are provided with expert guidance. The alerts are sent using the free government alert service, GOV.UK Notify.
The team is working with the National Cyber Security Centre (NCSC) to establish a collaboration forum of IT and security professionals in health and care who could share invaluable insights during a cyber-attack in a secure online environment. In the event of a large-scale incident, representatives from affected organisations can be invited to a closed group to discuss their situation in a private and secure setting, with the ability to receive intelligence that could not be openly shared.
Find out More
There have been three significant government reviews of WannaCry and the impact on the NHS:
- The National Audit Office (NAO) independent investigation into the WannaCry cyber incident on 12 May 2017.
- The Department of Health and Social Care’s Data Security Leadership Board commissioned the Chief Information Officer for the health and social care system in England, Will Smart, to carry out a review of May 2017’s WannaCry cyber-attack.
- A hearing by the Public Accounts Committee on the impact of WannaCry and response by the health and care system.
Latest News from
New figures on detentions under the Mental Health Act in 2019-20 published yesterday28/10/2020 09:15:00
The rate of detentions under the Mental Health Act in England for black or black British people was more than four times higher than for white people in 2019-20, a new report shows.
NHS Digital celebrates Black History Month27/10/2020 16:15:00
NHS Digital has been hosting a variety of internal events throughout October to celebrate Black History Month.
Survey conducted in July 2020 shows one in six children having a probable mental disorder22/10/2020 14:15:00
The proportion of children experiencing a probable mental disorder has increased over the past three years, from one in nine in 2017 to one in six in July this year.
The next generation of NHS innovation - embracing the digital revolution15/10/2020 09:15:00
Keynote by NHS Digital's CEO Sarah Wilkinson (delivered for Public Policy Projects on Saturday 10 October).
Celebrating Ada Lovelace Day at NHS Digital13/10/2020 14:15:00
To celebrate Ada Lovelace day, NHS Digital is hosting several internal events to celebrate women in technology.
Annual Hospital Outpatient report published for 2019/2009/10/2020 09:15:00
NHS Digital yesterday published the annual Hospital Outpatient Activity report, covering outpatient activity in the NHS and NHS-commissioned activity in the independent sector.
MS Teams use in the NHS soars as pandemic continues06/10/2020 09:15:00
Over 65 million messages have been sent on the platform since the week it was rolled out across the NHS by NHS Digital.
Surge in people checking their risk of type 2 diabetes28/09/2020 15:15:00
Almost 300,000 people have accessed the tool to check their risk of type 2 diabetes online less than two months after the NHS fast tracked access to its world leading Healthier You Diabetes Prevention Programme.