Greater Manchester Mental Health NHS Foundation Trust (GMMH)

Finding the ideal tool to maintain a secure, vigilant and resilient IT environment

Overview

NHS organisations typically have sprawling IT estates, often including legacy software and systems which can make keeping track of all assets a challenge. Although, NHS IT teams have processes in place to report on the state of their infrastructure and manage vulnerabilities, they are often overly complex, resource reliant, and time-consuming; due to their convoluted nature, true assurance is often lacking. Find out how Greater Manchester Mental Health NHS Foundation Trust streamlined cyber processes and is now confidently assured through a single dashboard solution.

Greater Manchester Mental Health NHS Foundation Trust (GMMH) provides inpatient and community-based mental health care for people living in Bolton, the city of Manchester, Salford and Trafford and a wide range of specialist mental health and substance misuse services across Greater Manchester, the north west of England and beyond. With over 6,000 employees, it delivers services from over 140 locations and within a 12-month period expects to meet the needs of around 53,000 service users.

 

Challenge

Like many NHS organisations, for GMMH to get an overall view of the state of its infrastructure meant delving into multiple systems, pulling individual reports and then piecing the information together. Although it was a process that worked, it was also one that left opportunity for error; collation of the reports from disparate systems required manual intervention and the reports could sometimes be contradictory meaning assumptions needed to be made to fill in the gaps. The Trust knew that to be more confidently assured and take greater control of its IT estate, it required a more accessible and clearer insight into its network.

Managing NHS Digital CareCERTs was also a slow and painstaking process for the Trust. CareCERTs would typically be copied and pasted into a spreadsheet and forwarded to concerned parties to action; following which, scripts would be generated to interrogate the network to determine the level of risk exposure and identify affected devices. It was a process often reliant on having the correct skill sets available to perform the task and also meant that important remediation action could be delayed putting the Trust at risk during this time.

Solution

ITHealth introduced GMMH to its Assurance Dashboard Solution which is already helping other NHS trusts have greater transparency of what is happening across their networks. GMMH immediately saw the Dashboard’s potential and was keen to undertake a trial.

I was impressed with how the Dashboard hugely simplifies NHS Digital CareCERT compliance”, said Andre De Araujo, Head of ICT at GMMH. “The Dashboard’s CareCERT reports show at-a-glance affected devices, help prioritise remediation and monitor the effects of that remediation in near real-time; they’re a huge time saver.

The Trust was similarly impressed by how the solution integrates with many of its existing systems and consolidates the information into a single dashboard, negating the use of multiple management consoles. “We now have a single pane of glass to view a wealth of insights into our network”, continued Andre. “The ITHealth Dashboard acts as a consolidation Dashboard for many of our other management consoles.

Other Dashboard features which proved key selling points for GMMH was how Microsoft update reporting and anti-virus status information was accessible from the same place, as well as how the Dashboard allows the uptake of patches to be monitored in near real-time.

The Trust could see how the Dashboard’s wealth of available reports would also relieve of lot of the effort associated with its DSPT (Data Security and Protection Toolkit) submission.

Results

The Assurance Dashboard Solution benefits GMMH in the following ways:

  • A ‘live’ network view reduces risk and increases vigilance
    The Trust can now see live reports for issues, rather than relying on snapshot-in-time reports which run the risk of devices with vulnerabilities appearing on the network after the export has been run. The Trust can monitor the effects of remediation in near real-time and address issues as soon as they appear on the network.
  •  An ‘invaluable tool’ that is used across the whole IT team
    The Trust use the Dashboard on a daily basis – management use it to get an overall view of the estate, the desktop and server team to monitor and control Windows updates, the infrastructure team to identify non-compliant anomalies, e.g. unencrypted mobile devices or uninstalled anti-virus, project managers for Windows 10 information, etc.
  • Streamlined CareCERT compliance which frees up resource
    No longer is manual network interrogation needed to identify the Trust’s exposure to every CareCERT. The Trust simply looks to the Dashboard to see affected devices at-a-glance and pinpoint where it needs to focus remediation.
  • One trusted view of assurance
    The Trust now access a truthful, reliable picture of its network and view all its assets – at-a-glance, at any time – in near real-time from a single source. It can easily pinpoint vulnerabilities and compliance issues and pro-actively address them.
  • Comprehensive monthly assurance reports provided by ITHealth
    ITHealth provides GMMH with a snapshot of its cyber security status quo by way of professionally produced monthly reports. Any key areas of concern are highlighted and it includes trends which can be discussed and monitored over time.