Data Security and NDG Review Supporting the Wider System and National Data Guardian Review Presented by Chris Flynn Senior Service Manager NHS Digital’s.

1 Data Security and NDG Review Supporting the Wider System and National Data Guardian Review Presented by Chris Flynn Senior Service Manager NHS Digital’s Data Security Centre

2 National Data Guardian Review
National Data Guardian recommendations

3 National Data Guardian Review
Published July 6th 2016
Public Consultation through to September 2016
Key Data Security Themes:
– Leadership is key to good data security
– Leadership should own and be responsible for data security as they are for clinical and financial standards
– DH & its ALBs need to enable health and care to develop a better culture of data security
– 10 Data Standards have been proposed as a minimum bar for health and care

4 What are we protecting ourselves from?
Known threats and challenges in Health & Care

5 OS & browsers across health & care

Operating System | End of mainstream support | End of extended support/security updates
Windows 7        | January 2015              | January 2020
Windows XP       | April 2009                | April 2014
Other            | N/A                       |

Browser                   | Chrome | Firefox | IE 10 and below | Other (inc IE 11)
% of NHS Mail connections | 22%    | 2%      | 68%             | 8%

6 The Threat is Real
– Hospital X: Infiltration onto local network; infiltrating 60+ internal servers (some clinical), used as a mail relay and over 2m SPAM emails sent from hospital servers. Bedroom Hacker exploiting a Technology XP and Windows Server 2003 vulnerability.
– Govt Body Y: Insider, an employee was socially engineered by a journalist to release pseudonymised information on hospital statistics that due to their format could have been re-ID’d. Insider Threat, Social Engineering of Our People
– Hospital Z: Malware attack, affecting 100 XP machines and multiple servers. Due to issues caused by data integrity fears, path results disrupted and discharge affected (bed blocking). Criminality, failure in Process of the organisation to keep up their patching regime

7 Balancing data security & patient care
Timely care, Safe care, Trust
Availability, Integrity, Confidentiality

8 Balancing data security & patient care
Timely care, Safe care, Trust

9 Balancing data security & patient care
Timely care, Safe care, Trust
Availability, Integrity, Confidentiality

10 The Good News…
The work ongoing at the centre and by health and care is making a difference, e.g.:
– Trust A spotted a ransomware attack early, and contained, monitored and eradicated it before it took hold
– Orgs across the sector are consuming CareCERT alerts and proactively fixing vulnerabilities
– A newly re-named ALB which I promise isn’t NHS Digital (Honest) spotted an overseas attack on a national system.
However, there is so much more we can do and need to do…just look at the NDG review.

11 The Role of NHS Digital
And how they support the Data Security Standards

12 NHS Digital Data Security Centre
NHS Digital’s Data Security Centre is at the forefront of information and data security. It enables the secure and safe use of information within health and care, building public trust through the services, guidance and advice it offers. It is the centre for threat intelligence while also coordinating a sector-wide incident management capability.
Capabilities:
– Cyber Security Programme delivering services to health and care
– Specialist Security Service – internal specialists and resourcing
– Security Cell – internal security monitoring and incident management, external threat and incident management through CareCERT

13 NHS Digital’s Role in Data Security
NHS Digital’s Data Security Centre, the services it implements to health and care, and the support and guidance it offers to the system should be:
– non-regulatory; NHS Digital is not a regulator but an enabler to the 2million+ employees in the system to provide better data security
– a Leader in data security; the place the wider health and care system comes for advice, guidance and support
– the gateway to the National Cyber Security Centre; distilling best practice and working with NCSC on improving UK response to cyber threat
– the trusted centre for threat intelligence for the system and sector-wide incident management

14 Cyber Security Programme Initiatives

15 Cyber Security Defence in Depth
People, Process, Technology:
– Education & Training, e.g. Information Management Training Portal
– Personal Responsibility, e.g. CareCERT Knowledge
– Building a Security Culture, e.g. Data Security/IG Toolkit
– Defined Security Policies, e.g. CareCERT Assure
– Incident Management, e.g. CareCERT Intelligence
– Access Control, e.g. CareCERT Knowledge
– Network Technology, e.g. N3 Gateview
– Patching and Encryption, e.g. CareCERT Intelligence & Cyber Capital Fund

16 Defence in Depth 16 CareCERT Intelligence CareCERT Assure CareCERT Knowledge Information Management Training Portal Cyber Capital Fund Data Security/IG Toolkit Network Monitoring Proactive Reactive Changing Culture Removing Vulnerabilities Blocking Threats Reducing Impact Continually Learning & Improving CareCERT React Contractual Levers & Incentives

17 The Current Push Model

18 Creating a Pull Model
– Cyber Security Campaign promotes and markets the new services, to ensure NDG is delivered and enabled locally.
– Consumers better understand their needs, as the NDG, specifically the 10 data security standards delivered through the IGT/new DST, are clear.
– The new DST drives a culture of security.
– DST will drive organisations to change, which is enabled by our initiatives, i.e. we are no longer just pushing our services out but they are also being pulled in by organisations.

19 The role of the Centre
To enable health and care organisations to take the right decisions and actions to improve and enhance industry standard data security. Not to deliver unnecessary top down services that mandate and dictate. NHS Digital is not a regulator…it should be there to help you make better informed decisions and realise the NDG review outcomes.

20 One More Thing…or Four
Some final advice:
– Invest in your people; personal responsibility in cyber is key.
– Be part of CareCERT and CareCERT Assure now (email us to know more); use and benefit from the advice and guidance of CareCERT React and CareCERT Knowledge later this year. It’s free and it’s to help (we’re not a regulator, we’re a support function).
– Don’t fall into the trap that Cyber Security doesn’t affect patient care or patient wellbeing; it does, and it is.
– Don’t entrust the security of the many with the few. We’re all on the hook to enhance what we do.

21 www.digital.nhs.uk
@nhsdigital
enquiries@nhsdigital.nhs.uk
0300 303 5678
CareCERT, React, Assure Enquiries: cybersecurity@nhs.net

