NHIS turned to ITHealth with whom they have been working for many years and who already support them with remote working, end user and network protection solutions. In this instance, ITHealth proposed an assurance solution that is delivered by ITHealth as a fully managed service.
The first step involved gaining an independent, live and granular view of everything linked to the NHIS network. An agentless scan was used to identify all hardware and software and expose the information in an intuitive dashboard interface. All assets were tracked from workstations, servers, and printers to switches, monitors and software installs. Even medical devices were captured – anything which is IP addressable is displayed on the dashboard. Granular detail is supplied for each asset including, for example, serial number, the last logged on Windows user, and remaining disk space – devices using default passwords are even identified. Plus, all the findings are easily exportable into excel.
ITHealth worked closely with NHIS to customise reports and configure the dashboard so that, at-a-glance, it would display only the most critical security information as defined by the NHIS IT team. The dashboard was set to include: OS versions used throughout the network, anti-virus and windows update status on servers and workstations, encryption status of devices, and a complete asset summary highlighting any new additions to the network. As they become available, ITHealth now also feed in critical NHS Digital CareCERT alerts so NHIS can quickly understand the level of risk that exists within its infrastructure. The dashboard highlights all non-compliant areas so that NHIS and ITHealth know immediately where to focus remediation efforts. Remediation often includes: patching, re-configurations, software upgrades, changes to access rights, and updating out-of-warranty devices. As the dashboard is dynamic, remediation can be viewed in near real-time.
‘I can watch as patches are being released and monitor the uptake of them directly from the dashboard – no more logging in separately to complicated technical patch management tools’, said Mike.
ITHealth provide an ongoing service to NHIS carrying out much of the remediation requirements, including providing NHIS with detailed monthly breakdown reports so changes within the IT estate can be regularly discussed and evaluated.