NHS Seeks Friendly Fire Power In Cyber War

28 November 2017 | Updated 01 January 1970

NHS Digital has announced (Nov 28) a £20m project to boost its ability to support the NHS with its data security - including making funds available to encourage 'friendly hackers' to find flaws in the organisations cyber protection.

This is not a dissimilar arrangement to Microsoft who offer major prizes for hackers to beat its inbuilt security protocols - so long as they tell the company and don't exploit the vulnerabilities they find.

The NHS Security Operations Centre will also provide monitoring of national services across health and care and will also enable NHS Digital to offer specific advice and guidance to local NHS organisations.

The new investment will boost the existing services provided. These include:

A monitoring service which analyses intelligence from multiple sources and shares guidance, advice, threat intelligence and remediation to relevant contacts in health and care.
On-site data security assessments for NHS organisations, to enable them to identify any potential weaknesses and to get the best value from local investment.
Specialist support for any NHS organisation which believes it may have been affected by a cyber security incident.
Ongoing monitoring of NHS Digital national systems and services.

Contract

NHS Digital is looking for a partner to support them with the project, enabling them to bring in additional specialist expertise and increase capability as and when required. The contract is tendered to run for three to five years.

Dan Taylor, Head of the Digital Security Centre at NHS Digital explains, "The Security Operations Centre will enhance NHS Digital's current data security services that support the health and care system in protecting sensitive patient information.

"The partnership will provide access to extra specialist resources during peak periods and enable the team to actively monitor the web for security threats and emerging vulnerabilities.

"It will also allow us to improve our current capabilities in ethical hacking, vulnerability testing and the forensic analysis of malicious software. And will improve our ability to anticipate future vulnerabilities while supporting health and care in remediating current known threats.

"By creating a national, near-real-time monitoring and alerting service that covers the whole health and care system, the SOC will drive economies of scale, giving health and care organisations additional intelligence and support services that they might not otherwise be able to access."

Picture: NHS Digital are looking for ethical hackers and a cyber security contractor

Article written by Brian Shillibeer | Published 28 November 2017