These days, organisations face a range of evolving cyber threats. The healthcare sector has a particularly hard time, as it needs to deal with more risks than most.
Not only do OES (operators of essential services) such as NHS organisations and their partners face the same automated attacks as organisations everywhere else, but they must also defend themselves against more sophisticated attacks. Healthcare data is an attractive target, and cyber criminals will go to great lengths to obtain it.
Although healthcare organisations understand and increasingly prioritise the need to protect patient data, the sector still suffers the most cyber attacks annually. Our ‘list of data breaches in 2017’ infographic highlights 146 reported data breaches in the healthcare and health science sector, almost double the second highest of 74 for the public sector.
Compliance requirements for health and social care
In response to this increased threat, healthcare organisations must comply with both the GDPR (General Data Protection Regulation) and the DSP (Data Security and Protection) Toolkit, which superseded the IG (Information Governance) Toolkit in April 2018.
The DSP Toolkit is the minimum standard for cyber and data security for healthcare organisations and requires an annual compliance submission.
Furthermore, in May 2018, the NIS Directive (Directive on security of network and information systems) was enacted into UK law as the NIS Regulations. The NIS Regulations apply to OES, including most healthcare providers, and to digital service providers. The NIS Regulations look to achieve a high common level of network and information security and aim to allow OES to continue to provide vital services in the event of a cyber incident.
Download our free green paper ‘DSP Toolkit and NIS Regulations: The impact for healthcare organisations’ to discover:
- The applicability of the DSP Toolkit and its scope;
- How the DSP Toolkit differs from the IG Toolkit and how organisations can comply with the new requirements;
- The scope and requirements of the NIS Regulations; and
- How to plan and coordinate both compliance projects.
For details on how to coordinate your compliance programme or to discuss our range of solutions, including documentation templates, gap analysis and compliance services, speak to a healthcare expert.