NHS Digital aims to improve cyber incident communications
[London, UK] NHS Digital is on track to improve its cybersecurity services after receiving widespread criticism following the May WannaCry attack.
In case of a major security incident, CareCERT updates will now be sent out through SMS alerts by using GOV.UK Notify, the free government alert service.
CareCERT offers guidance to help health and care organisations effectively deal with cyber threats.
Toby Griffiths, Innovation & Development Lead at NHS Digital’s Data Security Centre, said the additional service will ensure ‘key contacts’ receive updates during incidents of high severity.
NHS Digital said it was working with the National Cyber Security Centre (NCSC) to bring together a network of IT and security experts in healthcare that could provide ‘invaluable insights’ on a secure online platform during cyber-attacks, with the NCSC cybersecurity information sharing partnership forum used in the pilot.
Griffiths added: "Finding a secure way to communicate nationally with NHS organisations during a major incident was a priority for us following the WannaCry incident in May.
"SMS was identified as an appropriate solution following feedback from users affected by WannaCry, as it offers an additional level of resilience beyond the standard channels used for sharing CareCERT updates.
“We want to take that a step further by building a professional network across the NHS through online collaboration. The NCSC forum allows us to share information securely that we might not otherwise be able to share.”
Last week, NHS Digital issued a £20m tender to find a strategic partner that would support with the delivery and development of a new Security Operations Centre, meant to ‘enhance’ CareCERT services and drive standardisation of processes under a single unified Security Operating Model.