Data and cyber security: protecting information and data in health and care
Our Data Security Centre supports health and care to keep patient information and computer systems safe
View the latest cyber and data security policy and good practice guidance from NHS Digital's data security centre
Go to the CareCERT information sharing portal (requires N3 connection) to see previous threat bulletins and emergency notifications
Our Data Security Centre works to make sure patient data and information is used securely and safely, through the services, guidance and support we give to health and care organisations. We:
- monitor security threats to IT systems and networks and help organisations respond to these threats, through defence and incident management
- provide the national response to system-wide security incidents, such as the cyber attack on 12 May 2017
- offer information security consultancy and help with security issues in system design and development
- set and review standards on IT security for the health and care sector
- provide guidance and advice for people working in health and care
- are revising and developing a selection of services following the Government Response to the review of data-security, consent and opt-outs by National Data Guardian Dame Fiona Caldicott
Data Security Centre: live reporting on cyber security threats in health and care
We monitor intelligence on threats and security incidents and assess how they might affect health and care. We help health and care organisations respond to cyber attacks quickly and effectively to minimise impact. Severe threat notifications and recommended actions are sent out to our 10,000+ contacts immediately. Medium severity threat notifications are sent out in a weekly bulletin. All threats are published on our information sharing portal.
Guidance and good practice for IT security in health and care
We provide cyber and data security policy and good practice guidance for IT in health and care. We set and review standards for health and care on specialist subjects like:
Guidance on using the Cyber Security Services 2 framework to buy cyber security services from certified suppliers, to help you to protect your systems and data from cyber attack, and respond to security incidents.
The Cyber Security Services 2 framework is a way for buyers across central government and the wider public sector to buy National Cyber Security Centre (NCSC)certified cyber security services. It is EU compliant and regulated. As cyber attacks become more frequent and sophisticated, it is increasingly important for health and care organisations to make sure their systems are safe and secure, so that vital services are protected. If you need certified suppliers to help with this, you should use the Cyber Security 2 framework.
Cyber security news
27 November 2017: NHS Digital has today announced a £20m project to boost its ability to support the NHS with its data security.
Our Data Security Centre continues to work around the clock alongside the National Cyber Security Centre, to support NHS organisations that have reported any issues related to this cyber attack.
13 July 2017: CareCert advisory publishes reassurance that health and care systems appear to be unaffected.
13 May 2017: We are continuing to work around the clock to support NHS organisations that have reported any issue due to yesterday's cyber-attack.