Hywel Dda University Health Board (HDUHB) has awarded a five year contract worth £194,325 to Meta Compliance for a platform promoting cyber resilience against phishing attacks through training and reporting.
The contract means licences will be renewed across the health board, allowing digital services to train staff on identifying phishing attacks and responding “with confidence”, providing training content around awareness and reporting.
The solution is also said to provide digital services with “metrics to track trends and identify areas where further awareness or knowledge sharing is required”.
HDUHB is looking to align the contract with neighbouring Swansea Bay University Health Board to allow for “significant” technical, operational, and financial savings.
Wider trend: NHS cyber resilience
For a December panel discussion, we explored cyber resilience within the NHS, focusing on some of the strategic challenges in this area around preparedness and recovery. Our panellists also discussed how to embed resilience into clinical, technical, and governance frameworks and make cyber security a priority across the healthcare sector. We were joined by Hubert Ametefe, CISO at Bedfordshire Hospitals NHS FT; Mike Fell, director of national cyber operations at NHS England; Julian Wiggins, healthcare solution director at Rackspace Technology; and Nasser Arif, cyber security manager for London NW University Healthcare and The Hillingdon Hospitals.
NHS England has shared plans for the reprocurement of the cyber operations external attack surface management system, launching a market engagement process. The engagement intends to brief the market ahead of procurement of a solution to protect IT systems that are internet-facing against cyber threats, with the scope to be delivered as a national service to NHS organisations. So far, NHS England has outlined how the solution should build on previous lessons learned, helping to reduce cyber risks and improve the overall understanding of security weaknesses within the NHS. It should also use “severity-based prioritisation of remediation” to address vulnerabilities and concerns, especially around exposed assets.
The UK Government has updated its Cyber Action Plan, to tackle “critically high” cyber risk as part of the Roadmap for Modern Digital Government, looking to move toward proactive action, clear accountability, mandatory requirements, and comprehensive central support. £210 million has been invested in forming a new Government Cyber Unit, to provide direction and expert support. A target of making all government organisations resilient to known vulnerabilities and attack methods by 2030, set out in the Government Cyber Security Strategy in 2022, is now considered “not achievable”, according to the government. The plan presents a “new way forward” to set clear expectations, measurable objectives, and outcomes, following consultation with different departments, public sector organisations, industry partners, and the Government Cyber Advisory Board.
