CAN do attitude to cyber security in the NHS

How does collaboration help keep the NHS secure? Victoria Axon, one of NHS Digital’s Principal Security Specialists, talks about why the NHS must be resilient to cyber security threats and is joined by Martin Price from Royal Cornwall Hospital NHS Trust and Tony Cobain of assurance specialists MIAA to discuss how networking and the NHS Cyber Associates Network (CAN) play a big part in that.

There is a saying in cyber security that if you’re standing still, you’re actually moving backwards. Cyber threats are always developing, and tens of thousands of new vulnerabilities are found in systems every year. So, it’s crucial that the NHS does not stand still, but instead improves its cyber resilience in order to continue to keep patient records safe.

The NHS handles some of the most sensitive personal data that exists about people so it is attractive to attackers who may seek to exploit that data for monetary or political gain. This is why we take cyber security so seriously within the NHS and why there is an ambitious aim to ensure all public sector organisations are resilient to known vulnerabilities and attack methods, no later than 2030.

Threat landscape
The threat landscape is forever evolving, and this is increasingly influenced by the changing geopolitical landscape. Whereas previously, political events were seen as independent of cyber security issues, the line is now blurring so it is important that as threats change, our cyber resilience also changes to counter that threat.

The NHS is at the forefront of medical research, and this is increasingly facilitated by innovative technology, both in terms of ground-breaking medical devices as well as the computer systems developed for processing and analysing results. So, as we cross new technological frontiers, we need to ensure that these systems are protected from the start and that we don’t undermine our cyber security by introducing new potential backdoors.

Cyber Associates Network
In the ever-growing world of cyber security, it is vital we learn from each other and share experiences across the health and care sector in order to battle increasingly complex cyber threats and test and deploy solutions. This is why in 2019, NHS Digital and NHSX established the Cyber Associates Network (CAN). Three years down the line, the network has more than 2,000 members across public-sector health and care, who support each other both on a local and national level.

The group is aimed at professionals with responsibility for, or a professional interest in, cyber security and provides people with opportunities to shape and influence the cyber-security landscape, by sharing best practice, lessons and advice.

There are a lot of other benefits of being a member of the CAN, including exclusive masterclasses on topics such as backups, cyber incidents and risk management. Plans are also in place to expand the network this year by introducing new communities focussed on diversity, future talent and executives, as well as the Summer of Cyber, a roadshow of events which will bring cyber professionals together from across the country to network, share knowledge and discuss the latest cyber strategy for health and care.

Benefits of knowledge sharing
The network is something that Martin Price, Royal Cornwall Hospital’s IT security manager, knows well, being a member:
“There is perhaps no better way to explain the benefits of enhanced knowledge-sharing and professional development than to network with our peers on a slightly more informal basis to get the creative juices flowing.

“Being a part of the CAN gives cyber professionals huge advantages. Each individual in the network brings different skills and mindsets to the group, meaning we are constantly evolving with each other allowing us to advance in our professional development and ultimately protect the NHS.”

Tony Cobain, Digital Director at MIAA, is also a member and says networks such as the CAN are crucial for cyber security roles:
“For me enhanced knowledge sharing and networking boils down to ‘no provider being an island’. So, from that perspective we have a professional duty to ‘level up’ across care communities and the wider health and care footprint.

“The coronavirus pandemic certainly has driven the need for the CAN. It is almost like a self-help group for cyber. For example, someone from an NHS Trust might post about an issue they are having and within minutes another member could provide them with the answer that otherwise could have taken a lot longer to resolve. There is a great sharing of knowledge on the forum, and it stays there, allowing people to pick on current and emerging issues and to enhance their learning and understanding - making us all stronger.”

CAN Awards
After a challenging two years due to the pandemic, the Cyber Associates Network introduced the CAN Awards to showcase the incredible work being done by individuals, teams and organisations to manage and improve cyber security in health and care.

The virtual awards ceremony took place in March this year and shone a light on the innovation and digital expertise that help protect patient care and data across the NHS. This included NHS Informatics Merseyside, who won the innovation in cyber award for their ability to creatively solve problems, leading to significant improvements being made to patient care, as well as The Pete Rose Outstanding Achievement Award. This was an accolade dedicated to the memory of our Deputy CEO, Pete Rose, who sadly passed away in August 2021. Paul Charnley, Digital Lead at the Health Wirral Programme Office, received this award for his work in developing an innovative integrated system (ICS) wide cyber security group.

The awards are a wonderful opportunity to acknowledge the support all members give to one another and really highlight some of the best practice that can be seen across health and care.

Crucially, however, networking with cyber peers across health and care increases our ability to defend as one against cyber threats. It is all about making sure that frontline services have the digital infrastructure that they need to give patients the best possible care.

The CAN is growing each day and as it evolves, so do the benefits. The network is always on the lookout for new members. If you’re based in the NHS, social care or a local authority, you can find out how to get involved through the link below.