NHS Digital has drafted in IBM in a bid to boost its cyber security defences in the wake of the devastating WannaCry attack that hit hospitals more than a year ago.
Under the three-year deal, reportedly worth 30 million, NHS Digital will gain access to a range of IBM's advanced cyber security services, such as vulnerability scanning and malware analysis, in an expansion to its Cyber Security Operations Centre (CSOC).
The CSOC, which monitors NHS networks for known threats and provides defensive support to health and social care organisations, will also be able to rely on IBM's X-Force repository of threat intelligence.
NHS Digital said this repository will provide insight, guidance, and can offer a wealth of advice to NHS organisations.
"This partnership will enhance our existing CSOC, which is delivered from NHS Digital's Data Security Centre," said Dan Taylor, programme director of the Data Security Centre at NHS Digital.
As part of the agreement, dedicated IBM engineers will offer the NHS extra support "during times of increased need".
"It will build on our existing ability to proactively monitor for security threats, risks, and emerging vulnerabilities, while supporting the development of new services for the future and enabling us to better support the existing needs of local organisations," Taylor added.
"This will ensure that we can evolve our security capability in line with the evolving cyber threat landscape."
The deal will also encompass security monitoring pilots in select NHS organisations to test their cyber security capabilities, with a view to rolling the pilots out across the wider health service, as well as an 'innovation service' allowing NHS Digital to access new tools and expertise to address emerging threats as and when they arise.
Taylor added that while the partnership will strengthen the security of sensitive patient information it will also enable knowledge and skills-sharing between NHS and the industry, allowing the health service to continue developing its own cyber security expertise.
Scrutiny on the NHS's cyber security measures has increased since last summer's WannaCry attack. All 200 trusts failed to pass basic security standards earlier this year despite getting 21 million from the Department for Health in July 2017 to improve its defences.
The NHS has taken various measures to boost its security credentials in recent months, including reaching an agreement with Microsoft to upgrade legacy Windows operating systems to Windows 10 by 2020.
IBM's deal comes as Privitar, the privacy engineering company, also won an NHS Digital contract to develop a de-identification software process, dubbed De-ID, to enable the de-identification of patient records across the NHS, and protect patient identity.
NHS Digital's executive director of data, insights and statistics, Tom Denwood, said that De-ID will replace various de-identification methods across the NHS, bringing one consistent process to all patient data as it flows through different NHS systems.
It follows the introduction of NHS Digital's data-sharing opt-out tool for patients across England who want to scrub their confidential information from being used for research and planning.
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabsNews An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operatorsNews A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attackNews A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.
-
Cleo attack victim list grows as Hertz confirms customer data stolen – and security experts say it won't be the lastNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Healthcare systems are rife with exploits — and ransomware gangs have noticedNews Nearly nine-in-ten healthcare organizations have medical devices that are vulnerable to exploits, and ransomware groups are taking notice.
