Transformation Directorate

Cyber security

Leading work to strengthen cyber security resilience across health and care, protecting individuals and technological advances in care

The NHSX cyber security team works to strengthen cyber resilience across health and care to ensure organisations comply with relevant standards, protect patient data and are able to respond effectively in the event of a cyber incident.

We work in close partnership with NHS England and the National Cyber Security Centre, and link across government and the wider health and care system through arms-length bodies and other organisations such as the Local Government Association and Digital Social Care.

NHSX is the strategic lead for cyber security across the health and care system, articulating the vision, developing the long term cyber security strategy and commissioning services from NHS England. NHS England’s Cyber Operations is the technical and delivery lead, developing and delivering cyber security products and services and monitoring security threats to IT systems and networks across the NHS.

The What Good Looks Like framework outlines the common foundations that should be in place across the NHS, and includes guidelines for cyber security that organisations and systems should aim to reach.

Capital funding for cyber security infrastructure is available for NHS trusts and Clinical commissioning groups. Further information about eligibility, scope of what can be funded and the application process can be accessed through the Unified Tech Fund.

Data Security and Protection Toolkit

The Data Security Protection Toolkit (DSPT) is an online self-assessment tool that allows organisations that process health and care data to measure their performance against the National Data Guardian’s 10 Data Security Standards and to demonstrate that they are practising good cyber security. NHSX holds the policy for DSPT and the team regularly reviews the content to ensure that it is kept up to date with data protection legislation and best practice in cyber security.

Better Security, Better Care Programme (adult social care)

The NHSX-funded Better Security, Better Care Programme, provides a range of tailored local and national support to help adult social care providers complete the Data Security and Protection Toolkit (DSPT), improving their overall data and cyber security. The DSPT helps organisations understand their data and cyber security risks, and measures their compliance with mandatory cyber standards relevant to their sector.

Access to shared systems (adult social care)

The DSPT opens up potential access to shared systems, as the toolkit reassures NHS colleagues that care providers are operating to the same data security standards as NHS bodies. By completing the toolkit and achieving ‘standards met’, care providers can access the following systems:

  • GP Connect
  • Local shared care records
  • Proxy access to GP records
  • Proxy access for medication ordering
  • Summary care records

NHSmail is a free, secure email system available to care providers. NHS bodies require

care providers to use secure email systems if they are communicating with them. To access NHSmail, care providers should reach ‘approaching standards’ or above on the toolkit.

Cyber security incident reporting is managed by NHS England's National Cyber Security Operations Centre (CSOC)

To report an urgent cyber security issue call 0300 303 5222.

For general cyber operations queries email cybersecurity@nhs.net.