East Midlands Ambulance Service NHS Trust (EMAS)

Creating an in-depth IT security strategy with vendor consolidation


Ambulance Trusts are under huge pressure to reduce costs yet improve operations. Many trusts are consolidating sites and mobilising their workforce –  and the more mobile a workforce, the greater the need for security that ensures vital patient and operational information can be easily and reliably accessed. East Midlands Ambulance Service NHS Trust (EMAS) wanted to review its security strategy so that security within the Trust could be maximised, particularly for its mobile workers, yet costs reduced.

East Midlands Ambulance Service provides emergency 999 care and telephone clinical assessment services for a population of 4.8 million people. On average, they receive a new 999 call every 43 seconds – that’s around 2,000 calls a day. Their vision is ‘to deliver outstanding sustainable emergency and urgent care services across the communities of the East Midlands’.


The Service has 2,700 staff, the largest group of which are front-line; it is vital that they are able to securely access patient and operational information and that this information is protected within the Service’s data centres. The Service needed to create a ‘defence in-depth’ strategy for all its IT infrastructure and data, as opposed to just securing the edge of its networks.

One example of this is the provision of secure two-factor remote access to a range of information and applications; the Service were keen to use the NHS smartcard to authenticate users, but without adding, or changing the N3 certificate.

At the same time, like many Trusts, cost improvement demands meant that it was necessary to reduce capital and revenue costs and improve and expand operational capabilities and reliability. Being a front-line (blue light) operation, the Service needs to be able to rely upon and trust its key suppliers to provide the right solution at the right time.


Having identified the challenges of delivering the required solutions, the Service looked for a supplier with which they could build a strong alliance. The preferred supplier was required to support all existing solutions whilst also providing new solutions and resource and transition these to support the strategy.

ITHealth were initially consulted over the need to deploy a 2,500 user VPN two-factor authentication solution with some complex user requirements, including using the NHS smartcard as the authentication token. A solution was designed around the ITHealth Secure-IT VPN product, to use the existing firewall deployment and support other types of token including mobile, physical, email, and SMS.

Following the roll-out of the VPN solution, the Service had a need to refresh its existing deployment of firewalls. ITHealth were again consulted and proposed a design and project plan to allow a phased refresh to work around the 24/7 operation of the Service.

As part of this discussion, the wider security environment was considered and ITHealth proposed an innovative approach which would allow the Service to consolidate its disparate security applications (AV, endpoint, encryption, web, email, next generation firewall, network, web server, and wireless). The new solution is part of the Sophos portfolio and provides a number of benefits including centralised security management, reduced operational resource and dynamic security communication. ITHealth is a Sophos Gold Solution Partner and has the pre-requisite certifications, experience and knowledge to design and deploy the entire range of Sophos products.


EMAS has recognised a number of benefits as part of the partnership with ITHealth both in terms of the overall service provided and the solutions deployed.

Secure-IT is designed, developed, and supported by ITHealth with, and for, the NHS allowing them to benefit from a cost-effective and easy-to-use system; other benefits come from automated connection workflow, reducing time spent on IT. EMAS has reduced its cost of operation and expanded the remote access provision, and by using the NHS smartcard (unmodified) for authentication it has avoided the cost of tokens.

The Sophos solution allowed the Service to reduce its renewal and ongoing operating costs, whilst enhancing its security capabilities. The ease of use and centralised approach reduced the amount of time required to administer the system, providing more time for the IT team to innovate rather than fire-fight.

The benefits of partnering with the right supplier cannot be ignored to ensure that the correct level of service is provided at all times.