Written by John Noble CBE, Advisory Board member 

In the final instalment of this blog (read part two here or part one here), Reliance acsn Advisory Board Director John Noble CBE shares his experience of working with NHS Digital and government bodies to secure the NHS against cyber attack – and how the COVID-19 pandemic has made this more important than ever.

As I write this, an advisory has been issued by the NCSC exposing malicious cyber campaigns targeting healthcare organisations involved in the coronavirus response. It’s a stark reminder that the NHS, for all the outstanding work it does every day, and particularly in the current time of crisis, is seen by malicious cyber actors as a legitimate target. Here’s how NHS Digital has worked closely with NCSC and security teams across the NHS to maximise its defences.

The NHS, Cyber and the Data Security Centre

Keeping NHS Digital’s own systems secure has to be the primary focus of me and my colleagues. However, NHS Digital – through the Data Security Centre (DSC) – also provides critical cyber security support for the rest of the NHS system, so ensuring that support is effective in this area is a constant concern too. I am pleased to say that in implementing the WannaCry report, The Department of Health and Social Care, NHS Digital, NHSX and local NHS Information Security teams have made good progress in improving the standard of cyber security.

To highlight just some of what this programme of work has involved it has:

  • Created a Cyber Security Operations Centre which, on average, blocks over 21 million items of malicious activity every month.
  • Provided licences to enable NHS Trusts to upgrade to Windows 10, a key part of which has been the provision of Microsoft’s Advanced Threat Protection (ATP). This now provides endpoint security across 1.3m connected devices, giving the NHS a view on cyber threat status and vulnerabilities, locally and nationally, across its IT estate.
  • Improved sharing of threat information – much of which comes from the NCSC – through an information-sharing portal. Standards for the timing and implementation of critical updates have been agreed.
  • Set standards through measures like the Data Security and Protection Toolkit (DSPT) to enable NHS and Social Care organisations to assess their cyber security resilience against national standards.
  • Created a network of Cyber Associates to own and advise on cyber security within the NHS, with over 1000 members in 700 NHS organisations.
  • Launched Secure Boundary, a centrally funded solution which protects NHS organisations from the most sophisticated cyber threats.

Cyber Security, COVID-19, and growing risks

The risk the NHS is carrying during the pandemic has clearly increased because, now more than ever, it cannot afford any disruption – and disruption is what cyber- attacks deliver in spades. As the NCSC threat report highlights, we should be in no doubt that there are groups and individuals who want to target the NHS and other healthcare organisations.

Of concern are ransomware attacks mounted by large and sophisticated criminal groups. These have impacted many organisations, including parts of the NHS supply chain. Of course, we must be prepared for other hostile actors. For example, we are seeing lower-level criminals using COVID as an opportunity to commit business email compromise (BEC) and fraud. There are also nation states who are using cyber to promote their national interest. The importance of ensuring that critical NHS systems remain available has therefore never been higher. That requirement, and the ongoing need to protect sensitive data, means we cannot afford the consequences of a successful cyber-attack – hence the importance of the work of NHS Digital’s work with the NCSC and NHSX and in creating a COVID19 Cyber Action Plan.

The plan focuses on the requirement to detect, prevent and respond, and includes:

  • Making additional specialist cyber security advice available to Trusts, through the NCSC. This work is designed to tackle vulnerabilities that have been identified and providing enhanced incident response capability to
    mitigate any attack.
  • The provision of enhanced threat intelligence and threat hunting capabilities to NHS Digital, through the NCSC.
  • Guidance to the sector on secure remote working.
  • Making Protective DNS (PDNS) available to the NHS, to prevent access to domains known to be malicious.

Data is also a vital consideration. As we have seen in the second instalment of this blog, data is essential for understanding and tackling COVID-19. As a result, there is sometimes pressure to share data more quickly and more widely.

However, we must never forget that healthcare data is massively sensitive. The question that the NHS Digital governance process must address is: ‘Does this organisation need this information and how will they protect it?’


In summary, I am proud to be able to say that I have in some way supported what the men and women of NHS Digital work so hard at – delivering, maintaining and protecting the NHS’s critical digital services, and particularly in the wake of the massive extra demands placed on them by the current pandemic. There is of course much more to do and, as I have discussed many times with my colleagues at Reliance acsn, the competing realities of cost and usability mean that it is impossible to have 100% security. However, we must make every possible effort to protect these critical services. So perhaps next Thursday evening, when you are applauding the NHS, you will join me and give an extra clap for NHS Digital and their partners across the Health Service and wider government, too – because it is they who are helping to keep the NHS safe.


John Noble is an experienced senior leader with a strong track record for operational delivery and strategic business change, formerly the Director of Incident Management at the National Cyber Security Centre (NCSC), where he led on nearly 800 major cyber incidents; This work has given him unrivalled experience in dealing with and understanding the causes of cyber issues. Prior to that, John spent four years at the British Embassy in Washington, USA.

During more than 40 years of government service, John has built collaborative, diverse and high performing teams and has excelled at creating effective partnerships.. For his work in creating effective partnerships in the run up to the London Olympics, he was awarded a CBE in 2012.

John Noble CBE Reliance acsn Advisory Board member

Need advice on cyber security? Reliance acsn has a standing arrangement with some of the UK’s foremost cyber security experts. Book your consultation slot here.

  • PLUS
  • Certified Information Systems Security Professional
  • PCi
  • Information Security Management System - ISO Certified
  • Cisco Certified CCIE
  • Centre for Internet Security
  • TOGAF 9
  • HM Government G-Cloud Supplier
  • crest

Get in touch