New channel utilises GOV.UK Notify platform to make health service IT teams aware of major incidents and direct them to advice
NHS Digital has launched an SMS channel using GOV.UK Notify for bulletins and updates from the CareCERT service during major security incidents.
It said the move follows a successful pilot, and will provide support for contacts in acute, ambulance and mental health trusts, along with clinical commissioning groups and commissioning support units.
SMS will be used to flash up a high severity incident, directing the recipients to NHS Digital’s website for more detailed information from its CareCERT team – which works closely with the National Cyber Security Centre (NCSC) during major incidents.
The service will make use of the GOV.UK Notify platform, marking a significant step into the health service from its base in central government. It circumvents the need to use NHS Mail or any other national applications.
The NHS Digital team is also working with the NCSC to establish a network of IT and security professionals in health and care who could share insights during a cyber attack through a secure online channel.
It is running a pilot using the NCSC Cyber Security Information Sharing Partnership (CiSP) forum. In the event of a major incident, representatives from affected organisations would be invited into a closed group to discuss their situation and receive intelligence that could not be openly shared.
Toby Griffiths, innovation and development lead at the Data Security Centre, said: "Finding a secure way to communicate nationally with NHS organisations during a major incident was a priority for us following the WannaCry incident in May.
"SMS was identified as an appropriate solution following feedback from users affected by WannaCry, as it offers an additional level of resilience beyond the standard channels used for sharing CareCERT updates. We want to take that a step further by building a professional network across the NHS through online collaboration.
“The NCSC forum allows us to share information securely that we might not otherwise be able to share.”