Interview, News, NHS trust

Jas Purewal, cyber consultant at Birmingham Women’s and Children’s Hospital: “getting board and senior management buy-in has been key”

Birmingham Women’s and Children’s Hospital NHS partnered with cyber security specialist Cynerio to introduce its healthcare cyber security platform, to provide visibility, meet Data Security and Protection Toolkit targets and other requirements, and support network segmentation.

HTN spoke with Jas Purewal, cyber consultant at Birmingham Women’s and Children’s Hospital, to learn more.

Jas shared that he has been in role as cyber consultant for the trust for around two and a half years. “Prior to that I was the IT infrastructure manager for the trust,” he said. “The role almost evolved over time; we realised that we had IT, infrastructure and the network covered, but we realised the need for a more dedicated focus on cyber security.

“We partnered with Cynerio to support our cyber security strategy, and after initially helping with achieving visibility on devices across the trust”, Jas added that his work with Cynerio evolved to also help the trust with meeting DSPT targets and other requirements.

“Now we’ve got that visibility we can identify each device, ask why it is on the network, and we can check that the relevant policies and procedures have been followed. It’s a real benefit that I believe Cynerio has provided to us as a trust.”

“The main thing for us has been getting board and senior management buy-in. I’ve got it to a point now where our cyber security training is mandatory, so if you haven’t got your cyber security training up-to-date, you can get locked out of the network. That was a big thing to get signed off. You get three strikes, so that’s plenty of warning. Getting board buy-in for that was key because it demonstrates understanding of the risk and importance of cyber training. Since we’ve had that, I think that traction and dedication to this space has really improved. It’s been great to have it recognised as everyone’s problem, not just the cyber team’s problem.”

We’d like to thank Jas for taking the time out to have a chat with us and to share his insights on the benefits of using Cynerio at Birmingham Women’s and Children’s.

In related news, HTN covered NHS England’s recently released guidance on network segmentation here. The guidance is intended for healthcare staff members responsible for the architecture, design, implementation and maintenance of their network security, sharing oversight of how network segmentation can prevent or mitigate lateral movement across a network in the event of a cyber attack.

Seven options for segmenting the network are shared, including implementing a perimeter sub-network between the public internet and the organisation’s internal network to add a security layer (a demilitarised zone); or setting up a virtual local area network, or VLAN – a custom network created from one or more local area networks, which enables a group of devices to be combined into one logical network. All seven options can be found in more detail here. NHSE also shares information on the technologies that can be used to implement the different network segmentation options, along with recommended focus areas.