Skip to main content

Part of Data Security Standard 6 - Responding to incidents

NHS Cyber Alerts Service (6.3.2)

Previous Chapter

Acting upon known vulnerabilities (6.3.1 - 6.3.5)

Current Chapter

Current chapter – NHS Cyber Alerts Service (6.3.2)

View all

Next Chapter

Repeat data security incidents (6.3.5)

NHS organisations should sign up to receive cyber alerts. Once you are signed up you will receive emails alerting you of emerging threats that you need to act upon.

A complete repository of those threats (including vulnerabilities) is contained within the NHS cyber alerts portal. It's important that you act upon this important intelligence. The implications of not doing so were seen during the 12 May 2017 Wannacry cyber attacks.

Your organisation should respond to high severity cyber alerts within 48 hours. In responding to the alert, include being cognisant of what the alert is asking you to do, knowing if the alert is applicable to your infrastructure and going some way in mitigating the issue.

It's recognised that some alerts mitigation will take a longer period to implement the prescribed treatment (given large estates and critical servers), however this should not be seen as an excuse for inaction.

Your organisation should respond to high severity cyber alerts within 48 hours. In responding to the alert, include being cognisant of what the alert is asking you to do, knowing if the alert is applicable to your infrastructure and following any recommended mitigations provided within the high severity alert.

It's recognised that some alert mitigations will take a longer to implement the prescribed remediation (given large estates and critical servers), however this should not be seen as an excuse for inaction.

If you have had a data security incident, was it caused by a known vulnerability?

The NHS England Data Security Centre works to make sure patient data and information is used securely and safely, through the services, guidance and support provided to health and care organisations.

This includes:

  • monitoring security threats to IT systems and networks and help organisations respond to these threats, through defence and incident management
  • providing the national response to system-wide security incidents, such as the cyber- attack on 12 May 2017
  • working in collaboration with the National Cyber Security Centre and other arm's-length bodies
  • offering information security consultancy and helping with security issues in system design and development
  • setting and reviewing standards on IT security for the health and care sector
  • providing guidance and advice for people working in health and care
  • providing table-top incident response exercises

Last edited: 4 August 2023 8:20 am

Previous Chapter

Acting upon known vulnerabilities (6.3.1 - 6.3.5)

Next Chapter

Repeat data security incidents (6.3.5)

Chapters

  1. Data Security Standard 6 - Responding to incidents
  2. Incident reporting (6.1.1)
  3. The incident reporting system (6.1.1)
  4. Incident management system (6.1.1)
  5. An informed and empowered audience (6.1.1)
  6. Notifying local leaders, national bodies and individuals of a data breach (6.1.2, 6.1.3)
  7. End point anti-virus (6.2.1 - 6.2.9)
  8. Always on, always connected, always up to date (6.2.3 - 6.2.4)
  9. Blocking web malicious content (6.2.5)
  10. Email server software (6.2.6 - 6.2.9)
  11. Acting upon known vulnerabilities (6.3.1 - 6.3.5)
  12. NHS Cyber Alerts Service (6.3.2)
  13. Repeat data security incidents (6.3.5)
  14. Monitoring (6.3.4)
  15. Fraud (6.3.4)