Jakub JirsÃ¡k - stock.adobe.com
NHS Scotland has signed up Check Point to secure and streamline the management of sensitive health data held in the cloud, and bring the hyperscalability needed to support the rapid roll-out of its Covid-19 apps and services, and incoming vaccine management systems.
With the volume of data it generates having increased tenfold since 2015, NHS Scotland has been on an 18-month journey to move its healthcare data and services into the Microsoft Azure cloud. Securing this data is clearly becoming ever more important and it has become crucial to ensure visibility into the information, who has access to it, where it is being shared, and what is done with it.
Thanks to the devastating WannaCry incident, this process was already well in hand, but this was reckoning without the impact of the Covid-19 pandemic. Since the spring of 2020, NHS Scotland’s cloud infrastructure has needed to power the Test and Protect services across Scotland, and the Protect Scotland contact tracing app.
NHS Scotland is also now developing new systems to schedule and manage the Covid-19 vaccination process, so it is now even more critical that these services are completely secured, given the laser focus of malicious actors on healthcare.
Deryck Mitchelson, CISO at NHS Scotland, said the organisation’s selection of Check Point’s CloudGuard – which it has already been using on-premise – would now be key in enabling it to add new cloud workloads and services now and in the future without having to constantly review and deploy new security infrastructure.
“This means we can focus on the critical public-facing tasks where we can add real value, such as developing and running Scotland’s Test and Protect services,” said Mitchelson. “Right now we are building our vaccination management systems, and our cloud-first approach gives us the agility and scalability we need to roll it out nationally while being sure that data and services are secured.”
The organisation has implemented a version of Check Point’s cloud security blueprint and is using CloudGuard infrastructure-as-a-service (IaaS) in a so-called hub-and-spoke model, where endpoint protection pushes data back and forth via centralised hubs to all the various health boards (the spokes) that it is protecting. Check Point said this enabled improved visibility, and appropriate segmentation within NHS Scotland’s Azure cloud.
CloudGuard also provides data loss protection features, which means NHS Scotland can better support its compliance with the General Data Protection Regulation (GDPR).
Read more about healthcare security
- A £500,000 funding pot from the government aims to help support small and mid-sized healthcare firms during the pandemic.
- Healthcare IT and security administrators must understand the evolving challenges of protecting healthcare IoT devices and data to keep patients safe.
- Clinician and technologist Sam Shah helped set up NHSX in 2019. Now he’s helping advance digital transformation in healthcare from the outside, and a big part of that is addressing security in the sector.
Meanwhile, Check Point Maestro is delivering the hyperscale features needed by NHS Scotland, enabling it to expand security gateways to hyperscale capacity on demand, while SandBlast Zero-Day Protection is in use to guard against new malware, zero-day and targeted attacks from getting through in real time.
Mitchelson said: “To protect Scotland’s health data, we need to ensure the data is secure at every point of entry. Having next-generation firewalls that are scalable and give us that protection is exactly what we need built on top of the public cloud.
“One of the things I liked with Check Point is its integration with the SIEM vendor we’re working with. That means that we don’t have to go and actually start writing and creating configurations, it just links in and just automatically starts to work.
“Health data is probably Scotland’s most valuable asset, so it’s essential that it remains absolutely secure wherever it is being stored or accessed. We now have much more visibility than we had before we implemented the Check Point solutions. We can really understand where the data is and who is accessing it, from where, and ensure it is protected at every point of entry.”