We have achieved Cyber Essentials accreditation as part of our ongoing work to ensure the healthcare data we collect is kept secure.

The government-backed, Cyber Essentials Scheme covers the basics of cyber security in an organisation’s IT system. Implementation of these controls can significantly reduce the risk of prevalent but unskilled cyber-attack. The Scheme is reported to help increase security against common cyber-attacks by 80%.

PHIN already held ISO 27001 status – an internationally recognised best practice security management framework – and has welcomed the positive impact Cyber Essentials has had on its implementation. Specifically, tightening its technical infosec controls and adding to its maturity.

David Minton, PHIN’s Chief Technology Officer, said:

“We understand the great responsibility we have in collecting healthcare data and publishing information for patients. Data security is our number one priority and in 2023 we were proud that across two ISO 27001 surveillance audits there were zero non-conformities and zero opportunities for improvement.

“We are constantly evolving our cyber security and as we work closely with NHS England which is increasingly promoting Cyber Essentials alongside ISO 27001, it was important that we achieved this accreditation.”

“We remain alert to further dangers and opportunities, and take all the necessary steps to counter developing threats.”

The five key Cyber Essentials security controls are:

  1. Firewalls
  2. Secure configuration
  3. Access control
  4. Malware protection
  5. Patch management

These five controls have added a greater degree of protection to PHIN’s already robust cyber security stance.

Was this article useful?