NHS staff issued with fresh cyber security guidance
NHS Digital has launched an organisation-wide cybersecurity campaign to provide staff with the most up-to-date guidance on how to avoid and mitigate potential cyber threats and data breaches.
With the NHS being one of the biggest direct and indirect targets for cybercriminals, NHS Digital's 'Keep I.T. Confidential' campaign is hoping to educate the workforce on the impact of cybersecurity on patient safety and care.
As part of the programme run by NHS Digital's Data Security Centre (DSC), staff will be reminded of a host of key cybersecurity threats that could compromise the NHS' defences. There will also be information on what actions staff can take to reduce the risk of attack.
"Cybersecurity is the responsibility of all NHS staff and we want to inspire a cultural change by supporting health and care organisations to embed it in their daily best practice," said NHS Digital deputy chief executive Rob Shaw.
"To do this, we need to support all NHS staff on the direct impact of data security on patient care, and the steps they can take personally to reduce this threat."
Areas to be highlighted include weak password hygiene, phishing scams and business email compromise (BEC), keeping devices unlocked, and social engineering campaigns.
The campaign will also aim to reduce 'tailgating' on NHS sites, the practice of cybercriminals attempting to gain physical access to unauthorised areas by the following staff or posing as workers.
Physical infiltration is deemed a major cybersecurity risk given there are a host of vulnerabilities and exploits that require an attacker to be in close proximity to a target device.
"We know how busy NHS staff are so we are helping them to understand the importance of data security and how it can impact on and benefit their working lives, including patient care," Shaw continued.
"NHS organisations are vast and diverse so Keep I.T. Confidential can be tailored to suit the individual needs of health and care providers and their staff."
Cybersecurity in the NHS has been given far more attention since the devastating WannaCry outbreak in 2017. Attention has not been sufficient to bolster cyber defences, however, with zero Trusts passing cybersecurity assessments one year after the incident, according to results from April 2018.
Moreover, the results of a freedom of information request published in December revealed the NHS has been spending as little as £250 on cybersecurity in some areas. The average spend on training across 159 Trusts was £5,356 throughout 2018, but this varied wildly from between £238 and £78,000, and bore no correlation to the size of Trust or its location.
These findings were highlighted again in July this year, with the Institute of Global Health Innovation (IGHI) urging the government to pump more money into cybersecurity. Its research suggested this was needed in order to plug existing gaps that render the NHS vulnerable to an attack more destructive than WannaCry.
source itpro
Industry: Cyber Security
Latest Jobs
-
- Lead CyberArk deployment Consultant
- London
- Upto £80,000 plus benefits
-
CyberArk Consultant is needed to be responsible for leading the deployment of CyberArk solutions for this expanding IT services business, You will work with customer both pre and post sales, getting involved in CyberArk Solution Design, helping to create CyberArk Strategic Roadmaps, on-boarding accounts, product and process integration into the CyberArk Solution and Proviso of Installation and technical Documentation. We are looking for this individual to have experience in: Installation of CyberArk PAS for V11.X and V12.X (Vault, DR Vault, Central Policy Manager and Password Vault Web Access) Upgrade of CyberArk from V9 and V10 (Vault, DR Vault, Central Policy Manager and Password Vault Web Access) Installation and Upgrade of Privilege Session Manager and Privilege Session Manager Proxy As some of your client will be government site, all individual will need to be put through SC clearance, therefore you must be eligible to receive this and happy to be put through(With a British Citizen or to have lived in the UK for the past 5 years) We are unable to provide work visa sponsorship for this opportunity
-
- Senior Business Analyst - Outside IR35 Contract, SC Clearance Required, London
- London
- £400 per day outside IR35
-
Senior Business Analyst - Outside IR35 Contract, SC Clearance Required, Based in London Project- to engage with colleagues and stakeholders to investigate and model business functions, processes, information flows and data structures, using a range of business analysis techniques. • You will translate the solution to the business problem into detailed requirements by creating user stories and well-defined acceptance criteria. • Elicit end-to-end business requirements for a live cross-government service • Working across the Government departments to bring together varied business and operational outcomes to form a holistic overall set of service requirements Current SC clearance is required. As is the ability to travel to London.
-
- DV cleared CCP Senior IA Architect Contract. 12 month Outside IR35
- N/A
- 600 per day Outside IR35
-
DV cleared CCP Senior IA Architect Contract. 12 month Outside IR35. £600 MOD experience (Secure by Design, Accreditation, management) / CADMID project life cycle. Working within and across programmes across Land, Air and Fleet. Meng / Ceng. Ability to travel where as and where needed across the M3 / M4 corridor
-
- Illumio Engineer - CONTRACT. EUROPE
- Sweden
- N/A
-
Engineer with hands on Illumio needed for 6 month contract. Ideally based in Sweden, but would consider the right individual to deliver a hybrid role (Occasional travel to Sweden will be required). Connecting services in Illumio, rollout of the agents (VEN). Experience with Illumio Core, endpoint, cloudsecure Looking to start ASAP