NHS Digital has signed a three-year partnership deal with IBM to improve the organisation’s cyber security services.
This includes expanding NHS Digital’s Cyber Security Operations Centre (CSOC) so it can provide better services to the NHS, such as vulnerability scanning and malware analysis, tailored to specific organisations.
NHS Digital will also be able to enhance its monitoring capability and analyse data from several sources to detect potential threats to the NHS, and will have access to IBM’s X-Force threat intelligence repository.
Programme director for NHS Digital’s data security centre, Dan Taylor, said the partnership would give the organisation the ability to “draw on a pool of dedicated professionals from IBM” when needed.
“It will build on our existing ability to proactively monitor for security threats, risks and emerging vulnerabilities, while supporting the development of new services for the future and enabling us to better support the existing needs of local organisations. This will ensure that we can evolve our security capability in line with the evolving cyber threat landscape,” he said.
NHS Digital has made several improvements to its cyber security capabilities following the May 2017 WannaCry attack, which crippled the NHS.
The attack highlighted the need for better security measures in the NHS, and in July 2017, the government announced it would boost investment in NHS data and cyber security above the £50m identified in the Spending Review to address key structural weaknesses, such as unsupported systems.
The IBM contract will allow for security monitoring pilots across NHS organisations to test different security technologies and look at potential solutions that could be deployed across the health service.
An innovation service will also give the CSOC access to new and emerging technology and expertise, which it will be able to adapt to the health and care sector, to tackle new threats.
“This partnership will allow us to share knowledge and skills from the information security industry, while continuing to develop our internal expertise and supporting health and care organisations to build their own cyber resilience,” said Taylor.
He said it would also improve “how we help to keep patient information and services safe and secure, enabling NHS staff and patients to have confidence in the security of our system”.
The WannaCry attack thrust the risk of unpatched operating systems into the spotlight. Following the attack, NHS Digital also signed a deal with Microsoft to ensure Windows XP machines would once again get security updates.
In January 2018, the deal was extended to give NHS organisations access to an alerts system from the supplier, which detects cyber security issues within an organisation, from system-wide problems down to those in individual devices.
Read more about IT security in the NHS
- NHS Digital deputy CEO Rob Shaw tells Public Accounts Committee that all 200 trusts assessed for cyber security, both before and after the WannaCry attack, failed assessments.
- Ransomware attack highlights system-wide issues around lack of infrastructure investment and the need for cyber security training and awareness among NHS staff.
- Government spending watchdog orders Department of Health and Social Care to work out the cost of the WannaCry ransomware attack on the NHS so trusts know where to target their cyber security spending.