Cyber Guidance for GP Practice
NHSE SWL has released some Cyber Guidance notes for practices. These considerations may be useful for any practice wishing to review or update a practice policy:
What to do now:
- Ensure all devices are switched on regularly, left on during the day (at least once per week) and rebooted when asked. If it is safe, leave on overnight to reduce daytime bandwidth.
- Ensure your Business Continuity is in place and tested.
- They suggest you do not store devices in cupboards for months on end unused.
- You must not open suspicious emails.
- You must not plug phone systems, Medical Devices or 3rd party devices into the network without engaging with your ICB via the Service Desk first.
- Remind staff to not open attachments received from personal emails.
- Ensure all locums are briefed on cyber security.
- Ensure business software is updated by the practice regularly or the ICB engaged via the Service Desk to assist with automated patching.
- Ensure key messages around cyber security are shared with all new staff and locums.
Do staff and locums understand their responsibilities? For example:
- They have undertaken regular training.
- They understand they should only navigate to appropriate sites.
- They should not use administrative accounts.
- They have strong passwords and accounts are not shared.
In the event of a cyber issue:
- Print your clinic lists.
- Look for email updates via mobile devices as these are less likely to be impacted.
- Look for unusual activity and report any concerns to the Service Desk.
- Do not install any software if asked to do so by unknown vendors or at the request of cold callers.
- Be prepared to shut devices down if requested to do so by IT or if the practice notices multiple infections.
- Act quickly on instructions from either the ICB or NHSE Teams.
- Ensure that an emergency mobile, known by the ICB, is always charged and monitored during an incident.
In the event of a cyber-attack, the ICB will:
- Provide regular updates to the GPs via our Incident Response Comms plans, which include cascading to practices.
- Provide incident advice on our website.
- Update your Windows and anti-virus software and OS Patching.
- Update NHSE on posture and compliance.
What to do if your Practice receives a Cyber Alert or Cyber Notification:
- Your GP Practice receives a CareCERT Notification or Alert.
- Your GP Practice sends the CareCERT Notification to the Service Desk.
- The Service Desk triages and sends to the ICB Cyber Security Team for detailed assessment.
- Depending on the assessment, this will be passed to the relevant operational team to resolve as appropriate.
- The operational team resolves the Cyber issue (or escalates) and closes the call as normal.
- If the triage suggests the alert is a bigger issue, the Service Desk may call a Major Incident (MI). The MI process will then start, and the Practice will be notified that there is an MI and of any action that they may need to take.
What to do if your Practice receives a Cyber Bulletin:
- GP Practice receives a CareCERT Bulletin.
- There is no need for the practice to take any action as the Service Desk receives these and they are for information purposes only.
About this page
Updated on Thursday 22 August 2024