Protect Patient Data

These key cyber security threats have been identified as a risk to the NHS and our patients. Keep I.T. Confidential aims to help us understand more about these cyber security threats and know what steps and actions we can take personally to mitigate risk and protect our patients and their data.

Down arrow
Weak passwords

Weak passwords

Weak passwords risk breaches in patient confidentiality. The easiest way to protect yourself from cyber threats is by having a strong and varied password. Passwords are the best form of defence we have to prevent unauthorised access, so make sure you keep them private and out of sight of others.

The longer and more complex your password, the more difficult it is to crack.

Phishing Play button


Phishing is when hackers and criminals send unsolicited emails that contain attachments or links to try and trick people into providing access to information such as patient data, health care records or details of IT systems.

If an email looks untrustworthy, forward it to and delete it.

Tailgating Play button


Tailgating is when unauthorised people gain entry to a building by following a staff member through physical security facilities (doors, barriers, gates, etc.) to avoid detection. By letting people follow you, or swiping unauthorised people in, you could risk someone stealing patient data.

Don’t let unauthorised people follow you into restricted areas.

Unlocked screens

Unlocked screens

Unlocked screens are an open invitation to patient data theft. Locking screens and logging out of systems help prevent people from accessing sensitive or confidential information.

Keep your screens and devices locked with they’re not in use.

Social engineering Play button

Social engineering

Social engineering involves criminals using tricks or deception to manipulate people into giving access to information such as patient data, health care records or details of IT systems. A social engineer might call and pretend to be a fellow employee, ask you to hold the door for them, or pose as a "friend" on social media channels.

Challenge everyone who is unauthorised before giving out information or giving them access to secure areas.

Want to run a cyber campaign in your trust?

Download the campaign assets here