Check out our animation about keeping your health data secure:
What is a malicious external data breach?
wow
Follow Rezina's story to learn more
START
It’s the end of Rezina’s shift as a nurse in the intensive care unit.
Rezina sees an email urgently encouraging her to complete a security update by following a weblink.
+ info
CONTINUE
Rezina clicks on the link, only to discover it was a scam email, designed to disrupt hospital services by
blocking or stealing patient data on the IT system.
CONTINUE
This is a malicious
external breach. Patients' data has been purposely put at risk by an external force.
CONTINUE
Rezina later learns that many IT systems across the country have been badly affected by this cyberattack.
CONTINUE
There are many different ways in which hackers might use these techniques to steal or corrupt patient data in the IT system.
CONTINUE
In a phishing attack, an attacker may steal the data and be able to view it or sell it on the black market which makes it very vulnerable.
A ‘phishing’ email tricks an individual into revealing sensitive information, such as login credentials, which give the attacker access to internal IT systems.
CONTINUE
Alternatively, opening a link in an email containing ‘ransomware’ releases dangerous software onto the device, which encrypts its data so that it cannot be accessed.
Hackers may demand a ransom from the health service before the data can be accessed again.
CONTINUE
In a ransomware attack, the attacker may not actually view or steal your data. However disruption caused by any cyber attack can be huge.
Disruption for patients...
Disruption for services...
Patients are unable to get care and may feel worried about this loss of privacy.
Services are left unable to deliver care.
CONTINUE
Even when quickly resolved, cyber attacks can leave serious consequences on the health and data of the public. This highlights why prevention is critical.
The NHS takes extensive measures to prevent such occurrences.
However, if they occur, services must have plans in place to help them maintain services as best as possible. Where there is a likely high risk to patient data, they must also report the breach to the Information Commissioner's Office, or ICO, who regulate and enforce data protection laws in the UK, and inform patients of the event.
CONTINUE
Health services take many steps to support the security of your data.
Services must review and report on their data security practices in line with clear quality standards.
Provide ongoing data security training to staff.
Appoint specific roles who monitor and advise on data security to health services.
CONTINUE
The ICO will work with the affected organisations to learn from what went wrong and take steps to prevent it happening again.
CONTINUE
The ICO may take action, such as fines, against affected health services or the provider of the IT systems, if they find that security measures before the incident or the response to an incident falls short of what is needed to keep data safe.
Fines are a last resort for the public sector as they would take money out of the health service, which would only put patients at further risk.
CONTINUE
Click the buttons below for more information:
Read the research behind these resources.
Explore ICO information for the public.
Review NHS England guidance on data breaches.
Check out UPD’s health data policy explainers.
Find out how the ICO has been taking action in response to incidents in the health sector.
Check how well specific services perform on data security measures.
Read about an example of new technology improving security.
Learn about some examples of security roles in services.
Got an idea?
Let the communication flow!
With Genially templates, you can include visual resources to wow your audience. You can also highlight a particular sentence or piece of information so that it sticks in your audience’s minds, or even embed external content to surprise them: Whatever you like! Do you need more reasons to create dynamic content? No problem! 90% of the information we assimilate is received through sight and, what’s more, we retain 42% more information when the content moves.
- Generate experiences with your content.
- It’s got the Wow effect. Very Wow.
- Make sure your audience remembers the message.
Malicious external data breach v1
Lauren McDonald
Created on September 19, 2025
Start designing with a free template
Discover more than 1500 professional designs like these:
View
Terrazzo Presentation
View
Visual Presentation
View
Relaxing Presentation
View
Modern Presentation
View
Colorful Presentation
View
Modular Structure Presentation
View
Chromatic Presentation
Explore all templates
Transcript
Check out our animation about keeping your health data secure:
What is a malicious external data breach?
wow
Follow Rezina's story to learn more
START
It’s the end of Rezina’s shift as a nurse in the intensive care unit. Rezina sees an email urgently encouraging her to complete a security update by following a weblink.
+ info
CONTINUE
Rezina clicks on the link, only to discover it was a scam email, designed to disrupt hospital services by blocking or stealing patient data on the IT system.
CONTINUE
This is a malicious external breach. Patients' data has been purposely put at risk by an external force.
CONTINUE
Rezina later learns that many IT systems across the country have been badly affected by this cyberattack.
CONTINUE
There are many different ways in which hackers might use these techniques to steal or corrupt patient data in the IT system.
CONTINUE
In a phishing attack, an attacker may steal the data and be able to view it or sell it on the black market which makes it very vulnerable.
A ‘phishing’ email tricks an individual into revealing sensitive information, such as login credentials, which give the attacker access to internal IT systems.
CONTINUE
Alternatively, opening a link in an email containing ‘ransomware’ releases dangerous software onto the device, which encrypts its data so that it cannot be accessed. Hackers may demand a ransom from the health service before the data can be accessed again.
CONTINUE
In a ransomware attack, the attacker may not actually view or steal your data. However disruption caused by any cyber attack can be huge.
Disruption for patients...
Disruption for services...
Patients are unable to get care and may feel worried about this loss of privacy.
Services are left unable to deliver care.
CONTINUE
Even when quickly resolved, cyber attacks can leave serious consequences on the health and data of the public. This highlights why prevention is critical. The NHS takes extensive measures to prevent such occurrences.
However, if they occur, services must have plans in place to help them maintain services as best as possible. Where there is a likely high risk to patient data, they must also report the breach to the Information Commissioner's Office, or ICO, who regulate and enforce data protection laws in the UK, and inform patients of the event.
CONTINUE
Health services take many steps to support the security of your data.
Services must review and report on their data security practices in line with clear quality standards.
Provide ongoing data security training to staff.
Appoint specific roles who monitor and advise on data security to health services.
CONTINUE
The ICO will work with the affected organisations to learn from what went wrong and take steps to prevent it happening again.
CONTINUE
The ICO may take action, such as fines, against affected health services or the provider of the IT systems, if they find that security measures before the incident or the response to an incident falls short of what is needed to keep data safe.
Fines are a last resort for the public sector as they would take money out of the health service, which would only put patients at further risk.
CONTINUE
Click the buttons below for more information:
Read the research behind these resources.
Explore ICO information for the public.
Review NHS England guidance on data breaches.
Check out UPD’s health data policy explainers.
Find out how the ICO has been taking action in response to incidents in the health sector.
Check how well specific services perform on data security measures.
Read about an example of new technology improving security.
Learn about some examples of security roles in services.
Got an idea?
Let the communication flow!
With Genially templates, you can include visual resources to wow your audience. You can also highlight a particular sentence or piece of information so that it sticks in your audience’s minds, or even embed external content to surprise them: Whatever you like! Do you need more reasons to create dynamic content? No problem! 90% of the information we assimilate is received through sight and, what’s more, we retain 42% more information when the content moves.