Latest News
Organising Ourselves for Cyber Security
I know it is a long time ago now, but WannaCry was a wake-up call for the NHS and it did help us to realise that we need to keep investing in cyber security. Now another real-world virus is occupying our minds. But just imagine the world of pain if we were hit with another cyber-attack. (I really hope I am not tempting fate) This is made even more worrying because now, more than ever, health and social care is dependent on digital tools to deliver care.
So, we need to use every weapon we have got to prevent a disaster from happening. I think we have found that one way of doing that is to organise ourselves as a group across the local NHS and nationally to ensure we offer the smallest and best defended “attack surface” we can create.
The work we do is often described as a cyber war against all the possible threats we face, and I wonder how people feel about their cyber defences.
Some days a CIO or Security Manager might feel a bit like this picture on the right. Facing down a massive range of attackers with superior resources on their own.
On the other hand, small groups of well organised forces have been able to keep far superior forces away by organising themselves together and having each other’s backs. I hope that people see that the collaborative work we continue to push on means that we are ready to defend not just our own castles but the land as a whole.
So let’s stretch this military analogy a little bit further…. On the next page here are some of the things we are trying to achieve by organising ourselves.
But before I finish let’s remind ourselves of why we are doing this. It is not at all about technology it is about how technology is needed to deliver patient care.
Cheshire and Merseyside Cybersecurity Plan
Establishing better communication and intelligence with simple tools like a WhatsApp group, frequent cyber updates and increasingly sophisticated knowledge-sharing networks like CAN the NWARP so that we can gather intelligence and share it rapidly.
We are sharing and revising our policies to ensure that we can behave in a similarly disciplined way in every unit.
We are working on a Major Incident Plan for what would happen if we did experience a widescale attack and how we would work together to coordinate our response and provide mutual aid if necessary.
We are aiming to equip ourselves with the right tools to ensure we are prepared. We have bought common systems to provide feedback on vulnerabilities and we would hope to make further investments in a coordinated way in the future.
Skills and Training We are looking to ensure our cyber teams our staff and our boards all have the knowledge they need to make the right decisions when faced with a cyber issue, a suspicious email or an investment decision.
Agreeing on an architecture for our systems and our teams work together at local, regional and national level.