Health Tech Awards 2021 Finalists: Excellence in Cyber Security

As we continue our countdown to the Health Tech Awards 2021, which takes place on 7 October, we’ll keep showcasing the very best of all of our finalists and their potentially award-winning work.

We’ve already shared the solutions of entrants in categories on digital in primary care and cloud technologies, and now it’s time to shift the focus to finalists that have shown ‘Excellence in Cyber Security’.

A hugely topical and relevant area for health tech professionals, this category features three programmes and solutions that show how some trusts have been addressing and tackling issues to ensure a digitally safe and secure environment for all.

Ashford and St Peter’s Hospital NHS Foundation Trust and Cloud21

Ashford and St Peter’s Hospital NHS Foundation Trust has implemented a cyber security programme to meet national requirements, provide board assurance and save on employment costs.

After purchasing scanner software to get a full 360 view of its IT estate and cyber security across all systems and hardware, and to show the board of directors why investment in more resource for the cyber security team was needed, the trust found that it had a lot of work to do in this area.

With only a small team, the trust found it “hardly made a dent in what was required” and didn’t have time to monitor new threats or review its endpoint protection every day, so needed some additional support to achieve its aims. With recruitment for a Head of Cyber Security and Cyber Security Engineers from within the NHS deemed potentially too expensive and time consuming, the trust came across Cloud21’s Vulnerability Management Service, which helps NHS organisations to assess and prioritise the vulnerabilities highlighted by scanners. It also implements and manages processes to approve and deploy patches and fixes, and provides reports and audit trails to help ensure compliance with requirements such as NHS Cyber Alerts and DSPT.

By employing Cloud21, the trust also realised it could avoid spending more than £200,000 in salaries, plus further costs associated with recruitment. Cloud21 brought a team of cyber security experts to work with the trust’s IT team, remediate the risks highlighted by the vulnerability scanner and to work to secure the IT estate. A cyber team was also available 24/7 and the service agreement included a commitment to have someone available, regardless of annual leave or sickness.

“Cloud21 clearly understand the changing nature of working in the NHS. We’re in an ever-changing cyber environment – you think you’ve hit the nail on the head, then you have to change due to changing priorities. The service is really flexible and we’re not tied into everything that has been agreed on day one,” said the trust. It also added that it now reports regularly on its cyber progress and provides assurance to the board.

Qolcom and HPE Aruba

In response to the pandemic, the NHS Nightingale Hospital Exeter opened to provide additional capacity to care for COVID-19 patients. While it was purpose-built in just eight weeks, it required a ‘robust, scalable and reliable network’ to support IT and healthcare teams. A secure Wi-Fi network that was flexible and could be tailored was considered a top priority to ensure ‘operational efficiency’ and to create a simpler user experience for staff, patients, and visitors, with state-of-the-art wireless and wired medical equipment also posing a challenge for network designers.

The solution had to meet the needs of many different users, from medical staff using Wi-Fi enabled medical equipment to families talking to their loved ones by video, and allow for fast, easy access, as well as a high level of cyber security across the network.

Tasked with helping to supply this within weeks were the trusted IT partners Qolcom, which provides service and support expertise, and HPE Aruba, which specialises in network technology. The Royal Devon and Exeter NHS Foundation Trust selected the two companies, which were already providing services to surrounding hospitals. Central services were rapidly extended to the Nightingale Exeter for authentication through Aruba ClearPass and for management via Aruba Airwave, while Qolcom’s experience helped with devising a network strategy.

The network solution had four defining features: granular security for both the Wi-Fi and wired network, with Aruba ClearPass providing the robust cyber security features of a wired network in a wireless environment; dependable hardware, intelligent design – every aspect of the solution designed to ensure a secure, reliable network; wireless connectivity, centralised control provided by Aruba 515 series access points throughout the hospital, including where ambulances bring in patients; collaborative delivery and 24/7 support.

After delivering the ‘fast, reliable and secure IT network’ solution across a ‘very tight timescale and on budget’, the hospital’s network management is now ‘greatly simplified, across a wide mix of users and devices’, so that healthcare workers can quickly locate critical equipment through Wi-Fi enabled tracking, whilst patients are benefiting from a home-from-home experience.

“The ability to deploy this major IT solution so quickly has potentially been life saving and a simple, secure experience, across a wide spectrum of users, will continue to be at the heart of Nightingale Exeter”, said Paul Hopkins, Programme Director, NHS England.

Alder Hey Children’s Hospital

Alder Hey Children’s Hospital says it has spent “the last year responding to the very real risks faced in the cyber security space” by implementing a significant programme of ‘cyber work’ to ensure the trust is protected from threats and vulnerabilities.

Staff across the organisation have joined the journey with the digital team, engaging in cyber-related activities and demonstrating an understanding of the importance of the work in protecting the staff, patients and families.

The trust notes that the online working environment is becoming more complicated due to the increase in this way of working during the COVID-19 pandemic, and as cybercriminals and hackers become more sophisticated.

Over the last 12 months, Alder Hey has addressed the issue through investment, allowing the digital team to implement a number of initiatives, including a Specialist Trust Collaboration across Cheshire and Merseyside. Thanks to reciprocal arrangements with two other specialist trusts in the area, they strengthened the resilience of core infrastructure, network architecture and mission-critical systems. A Cyber Security Manager was recruited to work closely with the Digital Operations and Information Governance teams to champion the cyber security agenda and links to the Cyber Associates Network and local Cheshire and Merseyside Cyber Group.

Monitoring and control systems have also been strengthened by implementing additional software tools including an Intrusion Detection System and, most recently, in-house vulnerability scanning capabilities. Messages on the topic have been shared with the workforce through Cyber Awareness events and presentations at board level, with cyber training now part of the Mandatory Training cycle for all staff and targeted training for others. Many digital staff have attended courses and conferences and also have access to a library of training resources.

The portfolio of work culminated in the trust achieving its Cyber Essentials Certification in 2020 and the team is now embarking on the next stage of its cyber journey, with the goal of receiving Cyber Essentials Plus accreditation. Cyber is now embedded into the culture of the trust, with regular schedules of tests and internal checks supported by staff throughout the organisation.