SMS alerts to boost secure NHS communications for cyber incidents

NHS Digital has established what it describes as an additional effective and secure system to deliver essential cyber security updates across the whole NHS.

During major security incidents, CareCERT bulletins and updates can now be sent out using short message service (SMS) alerts, following a successful pilot. Contacts in Acute, Ambulance and Mental Health Trusts, Clinical Commissioning Groups and Commissioning Support Units can receive the alerts through this additional channel.

SMS will be used to issue an alert to highlight a high severity security incident, followed by another which signposts colleagues to NHS Digital’s external website for the latest information from CareCERT’s specialist team. CareCERT works closely with the National Cyber Security Centre (NCSC) during major incidents and analyses multiple intelligence sources to ensure that users are provided with expert guidance.

The alerts are sent using the free government alert service, GOV.UK Notify. Messages can be sent to NHS organisations across the country without the need for NHS Mail or any other national applications.

The team is also working with the National Cyber Security Centre (NCSC) to establish a professional network of IT and security professionals in health and care who could share invaluable insights during a cyber-attack in a secure online environment. .

The pilot uses the NCSC Cyber Security Information Sharing Partnership (CiSP) forum, which is already used to discuss local challenges, recommendations and good practice but has the added benefit of being able to add private groups. In the event of a large-scale incident, representatives from affected organisations can be invited to a closed group to discuss their situation in a private and secure setting, with the ability to receive intelligence that could not be openly shared.

Toby Griffiths, Innovation & Development Lead at the Data Security Centre, said: “Finding a secure way to communicate nationally with NHS organisations during a major incident was a priority for us following the WannaCry incident in May.

“SMS was identified as an appropriate solution following feedback from users affected by WannaCry, as it offers an additional level of resilience beyond the standard channels used for sharing CareCERT updates. We want to take that a step further by building a professional network across the NHS through online collaboration. The NCSC forum allows us to share information securely that we might not otherwise be able to share.

“CareCERT is the official source of advice, guidance and national incident response for data security in health and care. Strengthening our communications in this way will ensure that key contacts are receiving critical updates during major incidents, especially when they might not have access to their email or work computer.”

Latest Issues

IDSc Annual Conference 2024

Hilton Birmingham Metropole Hotel
26th - 27th November 2024

IV Forum 2024

Birmingham Conference & Events Centre (BCEC)
Wednesday 4th December 2024

The AfPP Roadshow - Leeds

TBA, Leeds
7th December 2024

Decontamination and Sterilisation 2025 Conference and Exhibition

The National Conference Centre, Birmingham
11th February 2025

The Fifth Annual Operating Theatres Show 2025

Kia Oval, London
11th March 2025, 9:00am - 4:00pm

Infection Prevention and Control 2025 Conference and Exhibition

The National Conference Centre, Birmingham
29th – 30th April 2025