Cyber Aware Issue: Russian cyber activity in and around Ukraine
Update 2nd March 2022:
As you may have seen, NHS Transformation Team and Digital Social Care have updated their alert on the cyber security threat posed by the Russian invasion of Ukraine.
This update encourages care providers to contact LSOs if they require advice on actions to take to.
As you will see these actions include:
Ensure you have completed or are working towards your Data Security and Protection Toolkit submission. If you have already completed it but have changed your IT systems or developed new services, revisit and use the Toolkit to ensure you’ve thought through the implications of any changes.
Notify your IT team or the person responsible for IT, this should also include suppliers of any IT systems that you use such as digital care plans. Make sure they are keeping up to speed with emerging cyber threats, such as Russia/Ukraine and the Log4J vulnerability, and taking appropriate actions to protect the systems you use. For ease, you can send them this information and the NCSC has issued the guidance for all UK organisations.
Create or update your data and cyber security Business Continuity Plan. You can use a template and guidance produced by Digital Social Care.
Ensure that you are following correct procedures for conducting back-ups. See Digital Social Care guidance – Back Up Your Data.
Consider purchasing cyber insurance
Report any cyber incidents. Contact the National Cyber Security Centre via ncsc.gov.uk.
Can you please:
Share information with your networks: url is https://www.digitalsocialcare.co.uk/cyber-aware-issue-russian-cyber-activity-in-and-around-ukraine/ and we attach the word document which you can send out directly to contacts. You may wish to update with your own contact details.
Record the enquiries that you receive about Russia/Ukraine – we want to get a sense of the scale and topic
Refer any queries that you cannot answer to the Digital Social Care helpdesk 0208 133 3430 (Mon-Fri 9-5) or email help@digitalsocialcare.co.uk
In turn, if the DSC helpdesk is unable to answer question, they will be referred on to NHS Transformation Directorate.
Repost from Digital Social Care 11th February 2022:
Events such as tensions on the Ukraine/Russia border may feel very far away, but all UK organisations have been encouraged to take action in response to malicious cyber incidents, and ensure they are taking cyber safeguards. Care providers are encouraged to check their cyber security arrangements and their practices in the light of this recent activity.
The National Cyber Security Centre (NCSC) is keeping track of cyber developments. They have separately highlighted an increased global threat of ransomware, and recently updated their guidance on heightened threat.
In relation to cyber events in and around Ukraine, NCSC are unaware of any current threats to UK organisations (w/c 7 February). However, they are stepping up their calls for organisations to build resilience and stay ahead. This means taking actionable steps to reduce the risk of cyber attacks and their impact if they happen to your organisation.
Michelle Corrigan, Programme Director of Better Security, Better Care says:
“This recent report of malicious cyber incidents in an around the Ukraine may feel like a remote risk for care providers in England – but in the cyber world, we are all neighbours. Cyber criminals seek out weaknesses wherever they can find them. Care providers should use the Data Security and Protection Toolkit to assess and improve how they protect their information. But it isn’t a one-off exercise. They need to ensure they follow good cyber security practice in order to reduce the risk of falling victim to malicious cyber attacks – or unintended breaches.”
As a care provider, you should:
Keep your Data Security and Protection Toolkit submission up to date. For example, if you have changed your IT systems or developed new services, use the Toolkit to ensure you’ve thought through the implications of any changes. Don’t leave gaps in your cyber security.
Contact your IT leads and suppliers if you have not done so recently: Make sure that they are keeping up to speed with emerging cyber threats, such as the Russia/Ukraine and the Log4J vulnerability, and taking appropriate actions to protect the systems you use.
Create or update your data and cyber security continuity plan: You can use our template plan and guidance. You might find NCSC’s information for small and medium organisations helpful for additional ideas.
Consider purchasing cyber insurance
Report any cyber incidents: Contact the NCSC via https://report.ncsc.gov.uk/.
For more information please get in touch with our Data Security and Protection Toolkit representative Karen Holley.