Cyber and data security
Cyber and data security
‘Cyber and data security’ relates to the protection of data, systems, and networks in cyberspace. It is becoming an increasingly critical issue for all who use or work with the internet.
Ten steps to help improve data and cyber security
PSNC recommends pharmacy teams review the PSNC Briefing: Ten steps to help improve data and cyber security within your pharmacy.
Community pharmacy cyber and data security pilots (updated November 2019)
PSNC is working with NHS Digital on some cyber security matters and to seek pharmacy contractors
NHS Digital data security centre and their cyber partner company, Templars Executives, hope to undertake pilot calls and visits to a small number of community pharmacies in the near future.
If your independent pharmacy would like to be added to the list of possible candidates then please contact Daniel.Ah-Thion@psnc.org.uk with ‘Cyber pilots’ in the subject header, no later than 15th November 2019. If you volunteer quickly then you may have a higher chance of being selected during the pilot period.
Participation will help your pharmacy’s cyber and data arrangements, as well as inform future guidance and future work with pharmacy system suppliers. The findings of calls or visits will be anonymised and recommendations will be provided to you
Some IG policies and templates are listed at psnc.org.uk/igtemplates.
NHS Digital have also published security template policies which can be adapted by contractors, relating to topics such as: Anti-malware, Back-ups, Bring Your Own Device (BYOD), Data handling, Mobile device working, and Removable media guidance (e.g. USB sticks).
NHS Digital’s CareCERT will offer advice and guidance to support health and social care organisations to respond effectively and safely to cyber security threats. They will plan to do so through a number of programmes:
- CareCERT Assure – interested with organisation’s cyber security preparedness.
- CareCERT React – provides guidance and advice on data security incidents.
- CareCERT Knowledge – e-learning service
CareCERT also work with the National Cyber Security Centre (NCSC). The NCSC provides national guidance.
The standard NHS system settings are determined by the Warranted Environment Specification (WES), which itself specifies which versions apply in regards to:
- operating systems (e.g. Windows 7 minimum (see pharmacy guidance regarding Windows 7/10 migration), older Windows versions are no longer falling within the common settings);
- internet browsers (e.g. Microsoft Internet Explorer 11, older IE versions are no longer falling within the common settings);
- java version (the version of the computer programming language being used, which is intended to let programs run smoothly); and
- Smartcard-related drivers.
Dealing with cyber attacks
If you believe your system has been affected, or would like to read more about prevention and any recent threats, read more at: Dealing with cybersecurity risks.
- Caldicott3: Review of data security, consent and opt-outs (National Data Guardian 2016)
- News: Cybersecurity within the healthcare landscape (digitalhealth.net)
- Little Book of Cyber Scams (Met Police)
Return to IG and cybersecurity