IT Security

NHS Informatics Merseyside delivers a comprehensive IT Security Service advising on all aspects of data and cyber security, and protection against threats, including phishing, spear phishing and ransomware attacks.

The service is Cyber Essentials Plus certified and our security specialists hold a number of industry-recognised information security certifications demonstrating our knowledge and expertise within this field.

Service features

  • Security auditing and assurance - providing organisations with a measurable technical assessment of a system, data centre, network, or the entire organisation outlining areas of good practice and providing visibility to any weaknesses or vulnerabilities.
  • Security access management including Multifactor Authentication (MFA).
  • Completion of Data Protection Impact Assessments (DPIA) to analyse, identify and minimise data protection risks to support Data Security and Protection Toolkit (DSPT) requirements.
  • Advice and consultancy on digital security best practice, technologies and risk management, including consultancy in achieving the government-backed Cyber Essentials certification scheme.
  • Provision of digital security awareness and training.
  • Social engineering attack simulation to gauge the effectiveness of information security awareness training and improve the resilience of your organisation to social engineering and phishing attacks.
  • Management of cyber alerts and escalation.
  • Mature incident management including unauthorised access monitoring and forensic investigation.
  • IT security digital technology reviews and risk management.

Service standards

  • Winner of the Innovation in Cyber award at the NHS Digital 2022 Cyber Associates Network (CAN) Awards
  • Highly commended for the Individual of the Year award at the NHS Digital 2022 Cyber Associates Network (CAN) Awards
  • Cyber Essentials Plus certified
  • Members of the NHS Digital Cyber Associates Network (CAN).
  • Members of the National Cyber Security Centre’s Cyber Security Information Sharing Partnership.
  • Members of the Cheshire and Merseyside Health and Care Partnership’s Cyber Security Group.
  • Qualified security professionals with certifications including System Security Certified Professional (SSCP), ISO Lead Auditor (ISO LA), Certified Information Security Management (CISM) and Health Care Information Security and Privacy Practitioner (HCISPP).

 

Achievements

2022 Innovation in Cyber Award

NHS Informatics Merseyside's IT Security Service won the Innovation in Cyber award at the 2022 NHS Digital inaugural Cyber Associates Network (CAN) Awards for our innovative work and commitment to enhancing cyber security awareness and resilience. You can read more about the awards on the NHS Digital website.

2022 Highly Commended Individual of the Year

Mark Williams, IT Security Consultant at NHS Informatics Merseyside, was highly commended at the 2022 NHS Digital inaugural Cyber Associates Network (CAN) Awards for his hard work, professionalism, and commitment to innovation and improvement. You can read more about the awards on the NHS Digital website.

Our standards and certifications

Cyber Essentials Plus

NHS Informatics Merseyside is Cyber Essentials Plus certified for our adherence to nationally approved guidance and best practice regarding cyber security.

Cyber Essentials Plus consists of an assessment of security measures to ensure that the necessary 5 key controls are in place as a basic level of protection. These controls include:

  1. Office Firewalls and Internet Gateways
  2. Secure Configuration
  3. Security Update Management
  4. User and Administrative Accounts
  5. Malware Protection

You can read more about this certification on the National Cyber Security Centre website.

Certified Information Security Experts

Our security experts hold a number of industry-recognised information security certifications including Certified Information Security Management (CISM), Certified Information Systems Security Professional (CISSP), Health Care Information Security and Privacy Practitioner (HCISPP) and System Security Certified Professional (SSCP).

Cyber security awareness and support

COVID-19 Cyber Security Scams

NHS Informatics Merseyside is urging all colleagues to be extra vigilant following a rise in coronavirus-related cyber scams.

Coronavirus (COVID-19) related e-mails

NHS staff are being targeted with multiple variations of phishing emails which are pretending to deliver important coronavirus (COVID-19) updates and information.

These fake phishing emails contain different types of cyber-attacks, which include:

  • Links to fake OneDrive or Office365 logins – aimed at staff working remotely to capture username and password credentials.
  • Links to malicious websites – showing statistical coronavirus information whilst implanting malicious software on computers.
  • Malware infected attachments - which appear to be information and guidance documentation to be opened and circulated.

NHS Informatics Merseyside has detected and blocked more than 45 different fake websites, emails and sender addresses, but it is known there are many more of these fake coronavirus phishing emails still in circulation. If you receive a suspicious looking email:

  • Double-check the sender address – is it a known address? Does the address even look genuine/official?
  • Does the information within the body of the email look authentic?
  • If the email contains a link, hover the mouse cursor over the link and check the address. Does the link look suspicious?

Tip: Remain vigilant at all times, do not open any suspicious links or attachments and report anything unusual to spam@imerseyside.nhs.uk or contact your IT Service Desk.

View COVID-19 Phishing Emails Awareness Poster

Charity phishing  

Cybercriminals know that many people feel charitable at this time and may look to exploit your good will. They may send e-mails from a bogus charity or ones that purport to come from a legitimate charity. Beware - they may contain a link to a scam site.

Tip: Should you choose to donate money to charity, please ensure that any donations are sent directly through the legitimate website for the charity of your choice. 

Fake delivery emails 

With most shops closed and online ordering at an all-time high, it can be easy to lose track of what you have ordered online. Cybercriminals know this, and send out e-mails that purport to come from legitimate courier companies. These e-mails ask recipients to click on a link, which might take you to a scam website or download malicious code onto your device.

Tip: Check the sender’s address to ensure it is a legitimate company and go to the company’s own website to track your order rather than through the e-mail you have received.

Social media scams  

Cybercriminals use social media to tempt people to open and share content relating to coronavirus (COVID-19). Cybercriminals may even assume the identity of a ‘friend’ to help share content more successfully, without your real friend even knowing.

Tip: Please remain vigilant at all times and do not open any suspicious links or attachments.

Further information and support

For further information and guidance, please watch our video on the different cyber security scams taking place and what you should look out for.

COVID-19 IT Security Updates

Read COVID-19 IT Security Update - April 2020

Be Cyber Savvy

Good cyber security is everyone’s responsibility, so do your bit to protect our patients and their data by following our top tips to be cyber savvy!

  • Report any suspicious emails to your IT Service Desk and then delete them!
  • Watch out for malware which spreads when you download or install infected software via a website link or an attachment.
  • Use a strong password such as a passphrase, which includes a mix of upper and lower case characters, a number or a special character.
  • Lock all screens and log out of systems when they are not in use.

Remain vigilant at all times, do not open any suspicious links or attachments and report anything unusual to spam@imerseyside.nhs.uk or contact your IT Service Desk.

For further information, read our top tips to be cyber savvy!