NHSE seeks provider to support cyber resilience in NHS supply chain

  • 27 June 2024
NHSE seeks provider to support cyber resilience in NHS supply chain

NHS England is letting a contract worth £4.3 million to “enhance cyber risk visibility, assurance and resilience” throughout the NHS supply chain.

An invitation to tender, published by NHSE on 20 June 2024, said the supplier selected will help to develop a “national supplier management platform” to track cyber security risks.

It added that they must have “significant experience in the shaping of cyber functions and capabilities, through robust identification and assurance of suppliers”.

The contract will last three years, with an option to extend by 12 months.

The tender has been in the works for months, but the issue of cyber security in the NHS has become more prominent than ever following the attack on pathology system supplier Synnovis, which has hugely impacted services in London and led to data leaked online by hackers.

NHSE said the project sets out to address the “increasing cyber threat” posed by “vulnerabilities in suppliers’ systems”.

“Mapping of our critical and common suppliers will enable the identification and coordinated management of systemic and aggregate cyber supply chain risks to government,” NHSE said in its tender.

It added: “Supply chain cyber security principles and assurance will establish clear requirements for these suppliers, with the expectation that they provide transparent statements of adherence.

“Improved understanding of suppliers and their dependencies will also enable government to better respond to cyber security incidents that emanate from the supply chain.

“Such understanding will provide oversight of cross-government impacts and enable more focused and efficient engagements with the suppliers, ensuring that any incident is managed swiftly and efficiently.”

The contract is part of NHSE’s £200 million cyber improvement programme, which sits within its supply chain management workstream, with a commitment to deliver strategic outcomes by 2025.

Speaking at NHS Confed Expo on 12 June 2024, Mark Edwards, chief information security officer at Digital Health and Care Wales, predicted that cyber attacks on critical national infrastructure are likely to increase due to global conflict.

Meanwhile, NHS Dumfries and Galloway has warned almost 150,000 patients to assume that their personal data is likely to have been stolen and published online following a major cyber attack in March 2024.

Subscribe To Our Newsletters

Subscribe to our newsletter

Subscribe To Our Newsletter

Related News

More than 5,000 NHS Scotland data breaches since 2023

More than 5,000 NHS Scotland data breaches since 2023

More than 5,000 data breaches have been recorded across NHS Scotland health boards since January 2023, according to a FOI investigation.
More than half of patients report easy GP access through NHS App

More than half of patients report easy GP access through NHS App

More than half of patients said it was easy to contact their GP practice using the NHS App, the latest GP Patient Survey results show.
North East and Yorkshire trusts adopt tech for faster scan results

North East and Yorkshire trusts adopt tech for faster scan results

NHS England is expanding the rollout of Hexarad to help patients in the North East and South Yorkshire receive hospital scan results faster.