This site uses cookies to improve your user experience. By using this site you agree to these cookies being set. To find out more, please read our privacy policy.

IT Security

NHS Informatics Merseyside delivers a comprehensive IT Security Service advising on all aspects of data and cyber security, and protection against threats, including phishing, spear phishing and ransomware attacks.

The service is IS027001 and cyber essentials certified and our security specialists boast a number of industry recognised information security certifications demonstrating our knowledge and expertise within this field. 

Service features

  • Security auditing and assurance - providing organisations with a measurable technical assessment of a system, data centre, network, or the entire organisation outlining areas of good practice and providing visibility to any weaknesses or vulnerabilities.
  • Security access management including Multifactor Authentication (MFA).
  • Completion of Data Protection Impact Assessments (DPIA) to analyse, identify and minimise data protection risks to support Data Security and Protection Toolkit (DSPT) requirements.
  • Advice and consultancy on digital security best practice, technologies and risk management, including consultancy in achieving the government backed cyber essentials certification scheme.
  • Provision of digital security awareness and training.
  • Social engineering attack simulation to gauge the effectiveness of information security awareness training and improve the resilience of your organisation to social engineering and phishing attacks.
  • Management of cyber alerts and escalation
  • Mature incident management including unauthorised access monitoring and forensic investigation.
  • IT security digital technology reviews and risk management.

Service standards

  • ISO27001 certification for ‘the provision of Informatics Security Consultancy / Support and Technical services.
  • Members of the NHS Digital Cyber Associates Network (CAN).
  • Members of the National Cyber Security Centre’s Cyber Security Information Sharing Partnership.
  • Members of the Cheshire and Merseyside Health and Care Partnership’s Cyber Security Group.
  • Qualified security professionals with certifications including System Security Certified Professional (SSCP), ISO Lead Auditor (ISO LA), Certified Information Security Management (CISM) and Health Care Information Security and Privacy Practitioner (HCISPP).


Our standards and certifications

CISM Certified Information Security Manager

CISM Certified Information Security Manager

We have certified information security management (CISM) expertise within Informatics Merseyside, which demonstrates our knowledge and commitment to information security. In addition to our technical competence, this validates our understanding of the relationship between information security and the goals and objectives of those organisations we support.

Cyber Essentials

Cyber Essentials

Informatics Merseyside is Cyber Essentials certified for our adherence to nationally approved guidance and best practice regarding cyber security.

Cyber Essentials consists of an assessment of security measures to ensure that the necessary 5 key controls are in place as a basic level of protection. These controls include:

  1. Boundary firewalls and Internet gateways for the prevention of unauthorised access.
  2. Secure configuration to ensure that systems in use provide only the necessary functions required for their roles.
  3. Access control to an appropriate level for employees with records of who has higher access within the company.
  4. Malware protection installed and kept up-to-date.
  5. Patch management to ensure that all software is the latest supported version.

You can read more about this certification on the National Cyber Security Centre website.

Cyber security awareness and support

COVID-19 Cyber Security Scams

COVID-19 Cyber Security Scams

NHS Informatics Merseyside is urging all colleagues to be extra vigilant following a rise in coronavirus-related cyber scams.

Coronavirus (COVID-19) related e-mails

NHS staff are being targeted with multiple variations of phishing emails which are pretending to deliver important coronavirus (COVID-19) updates and information.

These fake phishing emails contain different types of cyber-attacks, which include:

  • Links to fake OneDrive or Office365 logins – aimed at staff working remotely to capture username and password credentials.
  • Links to malicious websites – showing statistical coronavirus information whilst implanting malicious software on computers.
  • Malware infected attachments - which appear to be information and guidance documentation to be opened and circulated.

NHS Informatics Merseyside has detected and blocked more than 45 different fake websites, emails and sender addresses, but it is known there are many more of these fake coronavirus phishing emails still in circulation. If you receive a suspicious looking email:

  • Double-check the sender address – is it a known address? Does the address even look genuine/official?
  • Does the information within the body of the email look authentic?
  • If the email contains a link, hover the mouse cursor over the link and check the address, does the link look suspicious?

Tip: Remain vigilant at all times, do not open any suspicious links or attachments and report anything unusual to or contact your IT Service Desk.

View COVID-19 Phishing Emails Awareness Poster

Charity phishing  

Cybercriminals know that many people feel charitable at this time and may look to exploit your good will. They may send e-mails from a bogus charity or ones that purport to come from a legitimate charity. Beware - they may contain a link to a scam site.

Tip: Should you choose to donate money to charity, please ensure that any donations are sent directly through the legitimate website for the charity of your choice. 

Fake delivery emails 

With most shops closed and online ordering at an all-time high, it can be easy to lose track of what you have ordered online. Cybercriminals know this, and send out e-mails that purport to come from legitimate courier companies. These e-mails ask recipients to click on a link, which might take you to a scam website or download malicious code onto your device.

Tip: Check the sender’s address to ensure it is a legitimate company and go to the company’s own website to track your order rather than through the e-mail you have received.

Social media scams  

Cybercriminals use social media to tempt people to open and share content relating to coronavirus (COVID-19). Cybercriminals may even assume the identity of a ‘friend’ to help share content more successfully, without your real friend even knowing.

Tip: Please remain vigilant at all times and do not open any suspicious links or attachments.

Further information and support

For further information and guidance, please watch our video on the different cyber security scams taking place and what you should look out for.

COVID-19 IT Security Updates

Read COVID-19 IT Security Update - April 2020

Be Cyber Savvy

Be Cyber Savvy

Good cyber security is everyone’s responsibility, so do your bit to protect our patients and their data by following our top tips to be cyber savvy!

  • Report any suspicious emails to your IT Service Desk and then delete it!
  • Watch out for malware which spreads when you download or install infected software via a website link or an attachment.
  • Use a strong password such as a passphrase, which includes a mix of upper and lower case characters, a number or a special character.
  • Lock all screens and log out of systems when they are not in use.

Remain vigilant at all times, do not open any suspicious links or attachments and report anything unusual to or contact your IT Service Desk.

For further information, read our top tips to be cyber savvy!