
CCIO Handbook Chapter 4

Chris Day, Clinical Informatics Manager - Cyber Security directorate, NHS England

by Michele April 28, 2023

Everything a CCIO needs to know about Cyber Security

The risk of a cyber-attack in healthcare has grown dramatically over the past 20 years, with many incidents, such as WannaCry and the Log4j vulnerability, affecting the NHS directly. As a result, the question is now when, and not whether, a cyber-attack will happen to you!

Are cyber-attacks growing?

Since the introduction of Electronic Patient Records (EPR), the risk and severity of cyber-attacks have increased. Although EPRs improve transparency and patient care, they have the downside of increasing digital exposure and reliance on digital processes.

Cyber-attacks on healthcare organisations can come in a variety of guises. For example:

  • A direct cyber-attack on a specific NHS Trust, such as removing connectivity to a network or system. This may be done using malware, such as ransomware.
  • A cyber-attack that spreads across multiple organisations preventing access to devices that become infected with malware.
  • A cyber-attack on a product supplier, impacting multiple systems across multiple organisations that may include health, social care or both.
  • A cyber-attack against systems to steal data for the purpose of extorting funds.
  • Cyber-attacks that involve the hijacking of business processes to redirect funds from valid financial transactions to the attackers’ accounts.

Cyber-attacks can have a huge impact

As cyber-attacks are a risk and not a certainty, it can be easy to deprioritise them in favour of more immediate pressures. These might include an infection outbreak or needing to spend money on a new medical device.

However, if you’re thinking that, you should consider the question, ‘what happens if all our Health IT suddenly becomes unavailable?’

Will:

  • You know which patients are due to attend for appointments?
  • You be able to admit or discharge patients and see their previous clinical records?
  • Reporting be available to show operational pressures?
  • There be visibility of your hospital beds and who is in them to manage patient flow?
  • You be able to access diagnostic tools for critical healthcare interventions?

If digital workflows become unavailable, this impacts every process – from clinical work to finance, with a major impact on patient safety. Being vigilant and aware of the threat posed by poor cyber security, and keeping systems safe, is everybody’s responsibility.

Why do attacks happen?

But why do people carry out cyber-attacks, and why attack your healthcare organisation? There are several possible reasons, with the most common being financial, or a desire to disrupt systems and core services.

The most common motivation for attackers is gaining wealth at your expense; by stealing your data, holding your systems to ransom, or hijacking your processes to divert funds. These attackers are often well-organised criminal groups with well-established ways of working, and they can act quickly.

Where funds are not the goal, the most likely motivation is disruption. Disruptive attacks can be undertaken by anyone interested in causing harm, including hacktivists or anti-governmental organisations. Hacktivists tend to be less well-organised and less impactful.

Cyber attacks – are you ready?

Someone will always press on a ‘dodgy link’ in an email, and we need to engage and train staff to prevent this. However, we also need to adequately fund and support robust infrastructure. It’s essential to consider clinical safety when implementing any process involving access to clinical information.

Key points that should be considered include:

  • Are staff adequately trained to reduce the chances of a cyber-attack? Ongoing awareness activities are needed to keep everyone alert to the risks they face.
  • Are staff ready to respond appropriately when a cyber-attack happens? The period where an incident is being managed is generally the worst time to try to devise new actions.
  • Are all your products up to date with patching to prevent an attack?
  • Is your desktop estate fit for purpose? There should always be a plan and a budget to replace devices. Machines can become extremely slow, and as well as causing frustration for staff, this potentially creates vulnerabilities.
  • Can your software update with new patches? Windows 7, for example, is no longer supported by Microsoft and can’t be patched if a vulnerability is found. This makes it easy for an attacker to get into your systems.
  • Do you have the appropriate technologies to defend your organisation, such as firewalls, anti-virus and anti-malware products?
  • Are Business Continuity Plans (BCP) in place and rigorously tested? Testing is vital to ensure your plans are functional and can support your organisation through periods of unavailability.
  • Have full timescales been considered from recovery to business as usual (BAU)? Do your plans cover up to six months of unavailability? It has happened before and will happen again.
  • Do your recovery plans account for data accumulation outside of your digital platform? If you have 6 months of data collated on paper for an entire EPR system, how long will that take to repatriate into the system, and what administrative resource would that require? The sheer volume of data created from one week of BCP means paper is not the solution. Options may include a failover data centre, a simple e-forms platform, or even the ability to revert to a backup.
  • Have you assessed how vulnerable your organisation is to phishing attacks? Tools are available to audit the likelihood of a staff member pressing a link by, for example, sending a deliberate phishing email.
  • Do you have your data backed up?
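Several of the questions above (unsupported operating systems, patching that has fallen behind, backups that exist but have never been proven restorable) can be turned into a repeatable check over a device and backup inventory rather than answered from memory. The script below is an added example written for this chapter, not code from the handbook or from NHS England. The device names, backup sets, dates and policy thresholds (30 days for patch age, 90 days for a restore test) are constructed for illustration; the vendor end-of-support dates for Windows 7, 8.1 and 10 are the dates Microsoft published. Clinical devices are rated more severely because, as the chapter says, their loss affects patient safety directly.

```python
"""Estate readiness check: flags out-of-support operating systems, overdue
patching and untested backups in a constructed inventory.

Added example for the CCIO Handbook chapter; not NHS England code.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Vendor end-of-support dates (published by Microsoft). Once passed, the OS
# receives no security patches, which is the situation the chapter warns about.
END_OF_SUPPORT = {
    "Windows 7": date(2020, 1, 14),
    "Windows 8.1": date(2023, 1, 10),
    "Windows 10": date(2025, 10, 14),
}

# Policy thresholds: assumed values for this example, not NHS figures.
MAX_PATCH_AGE = timedelta(days=30)
MAX_RESTORE_TEST_AGE = timedelta(days=90)
SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


@dataclass(frozen=True)
class Device:
    name: str
    os_name: str
    last_patched: date   # date of the last successful security update
    clinical: bool       # True if the device supports a clinical workflow


@dataclass(frozen=True)
class BackupSet:
    system: str
    last_backup: date
    last_restore_test: Optional[date]   # None means a restore has never been proven


Finding = Tuple[str, str, str]   # (severity, asset, reason)


def os_unsupported(dev: Device, today: date) -> bool:
    """True if the device's OS is past its vendor end-of-support date."""
    eos = END_OF_SUPPORT.get(dev.os_name)
    return eos is not None and today > eos


def patch_overdue(dev: Device, today: date) -> bool:
    """True if the device has not been patched within the policy window."""
    return today - dev.last_patched > MAX_PATCH_AGE


def backup_untrusted(b: BackupSet, today: date) -> bool:
    """A backup that has never been restored, or not recently, cannot be relied on."""
    return b.last_restore_test is None or today - b.last_restore_test > MAX_RESTORE_TEST_AGE


def assess(devices: List[Device], backups: List[BackupSet], today: date) -> List[Finding]:
    """Return findings sorted by severity; clinical devices are rated more severely."""
    findings: List[Finding] = []
    for d in devices:
        if os_unsupported(d, today):
            findings.append(("HIGH" if d.clinical else "MEDIUM", d.name,
                             f"{d.os_name} is out of vendor support and cannot be patched"))
        elif patch_overdue(d, today):
            age = (today - d.last_patched).days
            findings.append(("MEDIUM" if d.clinical else "LOW", d.name,
                             f"last patched {age} days ago (limit {MAX_PATCH_AGE.days})"))
    for b in backups:
        if backup_untrusted(b, today):
            findings.append(("HIGH", b.system,
                             "backup taken but restore not tested within policy window"))
    return sorted(findings, key=lambda f: SEVERITY_RANK[f[0]])


# Constructed sample inventory; the assessment date is the chapter's publication date.
TODAY = date(2023, 4, 28)
DEVICES = [
    Device("ward-pc-01", "Windows 7", date(2019, 12, 1), clinical=True),
    Device("rad-workstation-02", "Windows 10", date(2023, 1, 15), clinical=True),
    Device("finance-laptop-07", "Windows 10", date(2023, 4, 20), clinical=False),
    Device("admin-pc-03", "Windows 10", date(2023, 2, 1), clinical=False),
]
BACKUPS = [
    BackupSet("EPR", date(2023, 4, 27), date(2023, 4, 1)),
    BackupSet("PACS", date(2023, 4, 27), None),
    BackupSet("Finance", date(2023, 4, 27), date(2022, 11, 1)),
]


def run_sample() -> List[Finding]:
    """Assess the constructed inventory (used by the usage below)."""
    return assess(DEVICES, BACKUPS, TODAY)


if __name__ == "__main__":
    for severity, asset, reason in run_sample():
        print(f"{severity:6} {asset:20} {reason}")
```

Run against a real inventory export, the same three functions answer the checklist's patching, desktop-estate and backup questions with evidence rather than assurance; the restore-test check in particular catches the common case where backups are taken faithfully but nobody has ever confirmed they can be restored within the recovery timescale the BCP assumes.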

Taking things forward

As senior management, it’s never been more important to prevent cyber incidents and to know what actions to take if one occurs.

Whether you’re working to achieve CCIO status or an experienced CCIO already, you need to have the defence and resilience required to ensure the safety of data and – more importantly – the clinical safety of patients.

After all, in this ever-evolving digital world, patients still lie at the centre of everything we do.

© Digital Health 2025
