NHS organisations will be offered free cyber security services from NHS Digital’s Data Security Centre through a new agreement with Accenture.
NHS Digital will provide hospital trusts and other NHS care providers with a range of new perimeter security services designed to decrease organisations’ vulnerability to cyber-attacks, including network intrusion detection and prevention capabilities, web content filtering and next-generation firewall.
The services will enable organisations to spot and respond more quickly to emerging security threats and will be offered free of charge to NHS trusts.
The new offering goes live in Winter 2019/20, with the contract set to run for five years at an estimated value of £40m, a spokesperson told Digital Health News.
They explained that the new capabilities would not be mandatory and would instead be made available for trusts to adopt by their own accord.
Rob Shaw, deputy chief executive of NHS Digital, said: “This deal is great news for NHS organisations. This is cutting-edge technology that will help keep patient information and NHS systems safe, at no cost to local organisations.
“For us, the more organisations that join, the better we will be able to see what is happening across the estate.
“This means that we will be able to monitor for threats more effectively, supporting the NHS to increase data security and helping to provide safer care for patients.”
The contract, signed with UK-based professional services firm Accenture, also covers data loss prevention and secure DNS services.
It will use a “bespoke combination” of products supplied by IT security firms Palo Alto Networks and Imperva.
Niamh McKenna, UK health lead at Accenture, said: “We are delighted to be supporting NHS Digital in this important journey.
“Security threats are ever more present in our increasingly connected world so enabling the safe and secure use of information within and outside the NHS is of paramount importance.”
Evolving threat landscape
NHS Digital continues to update its data security toolbox against a backdrop of evolving threats.
Data released through a Freedom of Information request in July revealed that NHS email systems were subjected to 11.4 million attempted cyber-attacks over a three-year period.
While ransomware remains a significant threat to the health IT landscape, a spotlight report published in May 2019 revealed that hackers are turning to new ways of attacking IT systems, including HTTPs tunnelling and exploiting unsecured internet of things (IoT) devices.
Speaking to Digital Health News last month, Dr Arslan Usman, a system developer at M2M and IoT communications provider Pangea, argued that encryption standards for internet-connected medical devices should be made mandatory.
- Calls for ‘urgent’ improvements in NHS cyber security presented to Parliament
- NHS Digital cyber chief puts emphasis on ‘protecting patient information’
- 100 NHS boards completed cyber security training since WannaCry