East London NHS Foundation Trust

Staying secured, managed and assured by entrusting ITHealth with its cyber security

Overview

Cyber attacks against the healthcare industry are rising which, in turn, increases the importance of robust security measures and more stringent compliance regulations. This dichotomy puts enormous pressure on NHS IT teams – which often tend to be smaller than IT teams of enterprise organisations of equivalent size. Often lacking in cyber specialist resource and budget, they become over-stretched and time-deprived. Here we find out how East London NHS Foundation Trust worked with ITHealth and Sophos to maximise resource and streamline processes, whilst enhancing security and increasing its levels of assurance.

East London NHS Foundation Trust (ELFT) has long been recognised as a centre of excellence for mental health care, innovation and improvement. Its core area includes City of London, Hackney, Newham, Tower Hamlets, and Bedfordshire and Luton, including a number of specialist services being delivered further afield. With over 6,000 staff, the Trust provides mental health and community health services from over 100 community and inpatient sites, serving a population of around 1,000,000.

 

Challenge

ELFT’s IT team cater for a large and diverse Trust across multiple sites. Recognising the growing sophistication of cyber attacks, the Trust was keen to tighten up on security defences. Whilst enhancing security, ELFT also wanted to streamline processes and improve efficiencies to maximise resource and productivity.

The IT team was managing multiple consoles and dashboards for various solutions which was proving a drain on resource; this was quickly identified as an area for improvement. The Trust also realised it didn’t have a single view of its assurance against vulnerabilities. To ascertain assurance levels required manually collating findings from multiple systems which made vulnerability and assurance management a complex and timely process.

Solution

ELFT began working with ITHealth in January 2017 when it invested in Sophos Intercept X (the award-winning anti-exploit, anti-ransomware endpoint solution). The Intercept X implementation included ITHealth migrating the Trust from SEC (Sophos Enterprise Console) to Sophos Central (the cloud-based endpoint and server management platform). Now AV, Intercept X, UTM, Server Advanced, and web appliance all run off a unified console; all Sophos products are managed and administered from a single web interface and there’s no need to maintain or update an on-site server.

When WannaCry hit in May 2017, ELFT were unaffected. However, despite not being hit, the attack increased awareness of the importance of robust security measures and encouraged ELFT to make further proactive investments.

In November 2017, ELFT had come to realise how ITHealth’s NHS IT security focus and level of expertise was benefitting its organisation, so they opted for Sophos enhanced support from ITHealth. Accredited to the highest level of Sophos partnership, ITHealth’s ‘Select’ partner status meant its enhanced support gave ELFT: unlimited calls to the ITHealth service desk, access to ITHealth’s Sophos accredited technicians and their direct line to Sophos’ 3rd line support, as well as on-site consultation visits. Soon after, in January 2018, the service was further upgraded and ITHealth now provide a fully managed service for all Sophos products. ITHealth’s technical consultants act as an extension of ELFT’s own IT team – proactively ensuring the Sophos systems run optimally, conform to best practice, and that ELFT get the most out of their investments made in Sophos.

More recently, ELFT have come to benefit from ITHealth’s Assurance Dashboard Solution – a solution which provides a single, unified live view of the vulnerability and assurance levels that exist throughout ELFT’s IT estate. A key feature that particularly benefits ELFT is the automation of CareCERTs. CareCERT alerts, as they are released, are fed into the Dashboard which then allows rapid assessment of infrastructure risk levels related to each alert. ELFT, with ITHealth, now proactively manage all vulnerabilities and can confidently report assurance levels to the board through detailed monthly reports provided by ITHealth.

Additionally, ELFT’s CIO Daniel Woodruffe can access the Dashboard at any time and see at-a-glance a live view of the assurance and vulnerability levels of the ELFT IT estate without having to ask his team for a report.

Results

The managed service provided by ITHealth for Sophos products and the Assurance Dashboard Solution has led to numerous benefits to the Trust, not limited to the following:

  • Vital time returned to the IT team – parts of ELFT’s cyber strategy have been directly outsourced to ITHealth freeing up team resource. The IT function can now start to focus on more beneficial projects, as opposed to routine tasks.
  • Simplified, yet strengthened security management – the unified Sophos cloud-based console and ITHealth Assurance Dashboard Solution streamline security management whilst providing in-depth security insight and vital protection.
  • Protected against ransomware – the cryptoguard and deep-learning technology used in Intercept X ensures ELFT benefits from the most advanced anti-ransomware technology available in the marketplace.
  • Assured at all times – the Assurance Dashboard gives ELFT a real-time view, accessible any time, of the assurance levels of its IT estate. Reports also demonstrate that appropriate action is being taken to minimise risk of outbreaks, monitor downtime, ensure patches are up to date, etc.
  • Trusted security advice from NHS and IT security experts – ITHealth accredited technicians have been working in the IT security industry specifically with NHS infrastructures and systems for over 25 years and now act as an extension to ELFT’s own IT team.

ELFT are currently in discussion with ITHealth about how it can now improve clinical workflow optimisation through use of single sign-on technology