NHS Digital’s Data Security Centre (DSC) provides comprehensive support, free of charge, to increasingly digitized health and care organizations to manage cybersecurity risk.

This enables the safe and secure use of data and technology to deliver improved patient care.

It works to ensure the confidentiality, integrity and availability of patient data while protecting clinical and business systems from vulnerabilities and threats. This enables NHS organizations to remain focused on delivering day-to-day, local operational and clinical priorities and to provide safe, effective and efficient patient care.


Following a request from the UK Secretary of State for Health in 2016, Dame Fiona Caldicott carried out an independent review of information sharing to ensure an appropriate balance between the protection of patient information and the use and sharing of information to improve patient care. This included a review with recommendations to strengthen the security of health and care information and ensure people can make informed choices about how their data is used.

The review identified 10 data security standards, which included prioritizing user awareness and staff training to improve the security posture of all health and care organizations.


To ensure the NHS has a skilled workforce ready to respond to the increasing threat of cyberattack, NHS Digital partnered with IBM to provide health and care organizations with free user licences to the Immersive Labs platform.

For staff responsible for cybersecurity at an operational level, Immersive Labs provides realistic hands-on exercises to develop skills such as analytical thinking, problem solving, and perseverance. The content can be accessed any time, anywhere, with new material added weekly to encourage continuous learning.

The adaptive learning approach has enabled security operations teams across the system to develop their capability as well as prepare for and respond to potential cyber threats.


NHS staff had immediate access to over 500 adaptive learning and threat intelligence labs covering various cybersecurity topics, including ethical hacking, malware analysis and secure coding. There are labs suited to every level and various pre-set objectives that help guide learning. There is even a series dedicated to security in the healthcare industry, Immersive Care, with new content covering the latest threats added every week.

Immersive Labs is completely browser based and does not require installation or plugins. Through its gamified learning environments known as ‘labs,’ the platform helped staff upskill and, in turn, protect one of the world’s most important healthcare systems – the NHS.

The first lab was completed within one hour of Immersive Labs becoming available. After just eight months of use, 500 NHS staff had carried out over 300 hours of cybersecurity training, completing over 14,000 labs and modules across a diverse range of topics, including risk, compliance, penetration testing, threat hunting, and incident response.

This training will help to ensure that the NHS is better protected through a team of highly skilled specialist staff.

Immersive Labs is the world’s first human cyber readiness platform.

Our technology delivers challenge-based cybersecurity content developed by experts and powered by the latest threat intelligence. Our unique approach enables businesses to battle-test and evidence their workforce’s preparedness to face emerging cyber threats.


  • Reduce cybersecurity risk across the health and care sector
  • Quickly upskill hundreds of cybersecurity staff across dispersed locations
  • Ensure that the NHS is prepared and protected against cyberattack



  • IBM partnered with Immersive Labs to deliver immediate practical learning for NHS staff as part of its transformation project
  • NHS security staff have 24/7 access to a cloud-based cybersecurity skills platform providing practical, intelligence-led security labs
  • 500 specialist staff are now actively upskilling through Immersive Labs

June 19, 2020


Case Studies