Templar Executives is delighted to have been appointed by NHS Digital to deliver Board level Cyber Security briefings to NHS Trusts across the country this is part of NHS Digital’s Data Security Centre (DSC) strategic program for health and care organisations to receive support free of charge, to manage data security and reduce the risk of cyber-attacks. Our comprehensive and engaging GCHQ Board training explores the leadership challenge in the area of Cyber and Data Security and is sponsored and funded by NHS Digital. The training is a timely intervention for NHS Trust Boards who, dedicated to driving improvements in patient outcomes and the ‘quality and timeliness of patient care’, are increasingly cognisant of the importance of adopting best practices in Cyber Security at the business and operational levels.
The training includes a two-hour briefing session made up of presentation and discussion, followed by optional e-Learning tailored to Board members in the NHS. It supports leadership obligations under the Data Security standards following the Caldicott Review, the Data Security Protection Toolkit expectations and the current legislative framework including the General Data Protection Regulation, Data Protection Act 2018, and the Network Information Systems Regulation 2018, which includes Health and Social Care. In addition to legislative and compliance requirements, and the immediate effects of fines or litigation, there is also consideration of the unpredictable reputational damage and business disruption that can ensue from an attack or data breach. For the healthcare sector, business disruption can also result directly or indirectly in adverse staff and patient care impacts.
The Healthcare sector has a treasure trove of highly sensitive data and is increasingly dependent on digitalisation and innovation in order to deliver better efficiencies and patient care outcomes. However, this also makes it increasingly vulnerable to cyberattacks and data breaches. Information, such as the medical records of patients, when sold on the Dark Web, can be fifty times more valuable than financial information (1), making the sector a particularly attractive target for cyber criminals. The WannaCry ransomware attack in May 2017 was one of the largest cyber-attacks to have affected the NHS and has prompted exemplary change in cyber-security strategies and attitude (2). The size and growing number of breaches in the sector, only serves to highlight that effective Cyber Security training must be a priority for Boards and healthcare professionals.
In the aftermath of WannaCry it was strongly recommended that, “Boards for NHS organisations should undertake annual cyber awareness training.” For NHS Trust Boards, maintaining their own awareness of the evolving Cyber Security agenda, and setting the right tone that encourages characteristics and behaviours which support a strong Cyber Security risk culture, is imperative. To date the feedback on the Board level training provided by Templar Executives, and the momentum that has resulted, has been tremendous; to a large extent this is due to peer referrals and recommendations from NHS Trust Board members who have already taken the training.
Templar Executives is also partnering with NHSD to provide Cyber Operational Readiness Support (CORS) to review and help improve the Cyber Security posture of NHS organisations and develop a plan for achieving Cyber Essentials Plus accreditation. The CORS initiative includes, onsite Cyber Security assessments; policy and strategy development and remediation to support the optimisation of clinical priorities and patient care.
For more information on how to arrange your NHS Trust Board briefing please contact us at firstname.lastname@example.org or call us on 0844 443 6243.
For more information on the CORS initiative, please contact the team at email@example.com or firstname.lastname@example.org.
For more information on NHS Digital’s Data Security Centre (DSC) strategic program for health and care organisations, please click here.
2) Investigation: WannaCry Cyber Attack and the NHS, National Audit Office, 2018