Cyber security
Published on: 27th January 2017 | Updated on: 2nd April 2025
‘Cyber security’ relates to the protection of data, systems, and networks in cyberspace. It is becoming an increasingly critical issue for all who use or work with the internet. In recent years cyber attacks have increased significantly. The National Cyber Security Centre (NCSC) is identifying growing numbers of ransomware attacks every year. Aside from the financial costs, cyber breaches within the health sector could lead to significant reputational damage for the health care and other organisations involved.
Ten steps to help improve data and cyber security
Community Pharmacy England recommends pharmacy teams review:
- the Community Pharmacy England Briefing: Ten steps to cyber security within your pharmacy; and
- Cyber security tips IT factsheet.
See: cpe.org.uk/dstemplates.
NHS England’s CareCERT will offer advice and guidance to support health and social care organisations to respond effectively and safely to cyber security threats. It plans to do so through a number of programmes:
- CareCERT Assure – concerned with organisations’ cyber security preparedness.
- CareCERT React – provides guidance and advice on data security incidents.
- CareCERT Knowledge – e-learning service.
CareCERT also works with the National Cyber Security Centre (NCSC). The NCSC provides national guidance.
The standard NHS system settings are determined by the Warranted Environment Specification (WES), which specifies which versions apply with regard to:
- operating systems (e.g. Windows 7 as a minimum; see pharmacy guidance regarding Windows migration. Older Windows versions no longer fall within the common settings);
- internet browsers (e.g. Microsoft Internet Explorer 11; older IE versions no longer fall within the common settings);
- Java version (the version of the computer programming language being used, which is intended to let programs run smoothly); and
- Smartcard-related drivers.
Community Pharmacy England is working with NHS England regarding cyber security pharmacy visits, interviews and surveys.
The NHS data security centre is speaking with a number of community pharmacies.
The findings of calls or visits will be anonymised and recommendations will be provided in due course.
The UK government has introduced the Cyber Security and Resilience Bill to strengthen national defences against growing cyber threats. On 1st April 2025, a detailed policy statement was released, providing clarity on the bill’s scope and objectives. The bill is anticipated to reach Parliament later in 2025, with subsequent amendments and consultations shaping its final form. Its full scope and remit are yet to be confirmed, but key areas expected to be addressed include cyber training, incident reporting, safeguarding critical infrastructure across the UK, enhancing supply chain security, and fostering public trust in data security.
Community Pharmacy England previously reported on a widely reported cyber attack, and NHS England may provide updates on attacks on its website. Community Pharmacy England and NHS England may report in future on major cyber risks.
One way to help reduce cyber risks is to be suspicious of unsolicited emails and to be especially cautious about opening attachments or visiting website links within unsolicited emails. A significant past case study is set out below:
“Wanna Decryptor” ransomware
A number of NHS organisations reported to NHS England in 2017 that they had been affected by a ransomware attack. This attack was not specifically targeted at the NHS and affected organisations globally across a range of sectors.
The attack was understood to involve ransomware called Wanna Decryptor, Wanna Cryptor, WanaCrypt0r, WannaCry or WCry. It spread quickly around the world infecting Microsoft Windows operating systems and servers.
Once a system is infected, the ransomware may encrypt files stored on the infected computer and request a payment in order to ‘unlock’ the terminal.
If you believe a computer has been affected by a major virus threat you should immediately disconnect the network cable/switch off WiFi network access and power the computer down, then contact your IT provider’s helpdesk.
Always consult your IT provider/helpdesk before taking any action that might affect your system.
If a computer on your network becomes infected with ransomware it will begin encrypting local machine files and files on any network device the logged-in user has permission to access. For system administration accounts this may include backup storage locations.
NHS England advises that, to avoid computers becoming infected with ransomware and to enable recovery where a computer does get infected, pharmacy contractors should seek to ensure that:
- A programme of education and awareness training is provided to staff to ensure they don’t open email attachments or follow links within unsolicited emails;
- All operating systems, antivirus and other security products are kept up to date;
- All day to day computer activities such as email and internet are performed using non-administrative accounts and that where administrative privileges are assigned, this is at the lowest level which allows the individual user to perform the functions that their role requires;
- All critical data is backed up, and backups must be protected and kept out of the reach of ransomware; and
- Multiple backups should be created on a regular basis, including at least one off-network backup (e.g. to tape).
The only guaranteed way to recover from a ransomware infection is to restore all affected files from their most recent backup.
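The point above about backups being within reach of the logged-in user can be checked directly. The following is an added example, not part of the original guidance: a short Python check, run from the everyday login, that reports whether each backup location could be altered by ransomware running in that session. The function names and the sample paths are assumptions made for illustration.

```python
import os
import tempfile
import uuid


def running_as_admin() -> bool:
    """True if this session has administrative rights (uid 0 or Windows admin)."""
    if hasattr(os, "geteuid"):
        return os.geteuid() == 0
    try:
        import ctypes
        return bool(ctypes.windll.shell32.IsUserAnAdmin())
    except (ImportError, AttributeError, OSError):
        return False


def probe(path: str) -> str:
    """Classify one backup location from the current account's point of view."""
    if not os.path.isdir(path):
        return "offline"        # unplugged or unmounted: out of reach
    marker = os.path.join(path, ".reach-check-" + uuid.uuid4().hex)
    try:
        # Creating a file is the real test; permission bits alone can
        # mislead on network shares.
        with open(marker, "x"):
            pass
    except OSError:
        return "read-only"      # visible, but this account cannot alter it
    os.remove(marker)
    return "IN REACH"           # ransomware in this session could encrypt it


def assess_backup_reach(paths):
    """Map each backup path to 'offline', 'read-only' or 'IN REACH'."""
    return {p: probe(p) for p in paths}


if __name__ == "__main__":
    # Constructed sample locations; replace with the real backup paths.
    with tempfile.TemporaryDirectory() as mounted:
        unplugged = os.path.join(mounted, "usb-drive-not-connected")
        print("administrative session:", running_as_admin())
        for path, status in assess_backup_reach([mounted, unplugged]).items():
            print(f"{status:9}  {path}")
```

Any location reported as IN REACH from a day-to-day account is one that ransomware running under that account could also encrypt; at least one backup should report as offline or read-only.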
Contractors should sign up to receive NHS IT service alerts to their email account and mobile phone.
If you have queries on this webpage or you require more information please contact it@cpe.org.uk. To share and hear views about digital developments with like-minded pharmacy team members, join the CP Digital email group today.