Salford Royal NHS FT (part of the Northern Care Alliance)

Improving digital compliance efficiency and staying confidently assured through a unified network view

Project overview

Following the cyber attacks in 2017, it was clear many NHS IT infrastructures were vulnerable to future attacks for various reasons: lack of compliance, end of life equipment, unsupported maintenance, governance, the list goes on. The drive for cyber and compliance assurance became key for many NHS organisations. Salford Royal NHS Foundation Trust knew that if it were to be fully assured, it required a truthful view of its network – to have greater visibility of compliance and assurance issues to be able to proactively address them.

Salford Royal NHS Foundation Trust (SRFT) is an integrated provider of hospital, community, social care and primary care services and is a University Teaching Trust. Salford Royal is part of the Northern Care Alliance NHS Group with Pennine Acute NHS Hospitals Trust. The Group is one of the largest healthcare providers in the country, serving a population of over one million people across its local communities. Salford Royal’s team of 7,000 staff members provide local services to the City of Salford and specialist services to Greater Manchester and beyond.

Challenge

Like most NHS organisations, SRFT found increasing demands were being placed upon them to demonstrate compliance, both at a local and more national NHS Digital level. Executive and external reporting was proving complicated and time-consuming – often requiring the need to delve into multiple security systems and piece information together; an approach that naturally leaves opportunity for error. The Trust wanted to be confident that what they were reporting was a true and accurate reflection of the state of the network.

“We were lacking a clear and concise view of our infrastructure”, said Richard Wakefield, Chief Technical Officer, Northern Care Alliance NHS Group. “We knew that to be assured of our defences and compliance we needed to have access to a picture of our network that we could trust.”

“What I like best is that this system takes away any guesswork and opportunity for error in reporting; it presents a picture of the network and systems as they really are.”

Janet Eivers

Digital Compliance Manager
Salford Royal NHS Foundation Trust

Solution

SRFT had been working with ITHealth for many years, benefitting from their flagship Secure-IT remote access solution, Sophos anti-virus and Sophos email security gateway protection. Trusting ITHealth’s NHS cyber security specialism and proven experience, the Trust explained its challenges. ITHealth quickly responded with its Assurance Dashboard Solution, which has been developed in collaboration with other NHS Trusts experiencing similar issues.

The ITHealth Assurance Dashboard Solution pulls in-depth detail on all IP addressable assets linked to the SRFT network into a user-friendly dashboard interface. Intelligent reports present the findings in a meaningful and actionable way; NHS IT teams can quickly identify software and hardware vulnerabilities and any issues compromising security and compliance.

“CareCERT compliance in particular is made easier as the Dashboard automates much of the process”, said Janet Eivers, Digital Compliance Manager, SRFT. As CareCERT alerts are released, ITHealth inputs the threat detail into the Dashboard which then rapidly assesses associated vulnerabilities within the Trust’s network. The Dashboard highlights potentially affected assets, so the Trust knows exactly where to focus remediation efforts to ensure it remains protected. As much of the Dashboard detail is exportable, actionable worklists can also be pulled to assist with user workflows. “The CareCERT reports save us huge amounts of time and allow us to see at a glance and prioritise vulnerabilities”, continued Janet.

Within the solution, ITHealth provides monthly summary reports of the Dashboard detail to SRFT so the Trust can monitor changes in the network over time and disseminate key information to the board / external parties.

“The management reporting feature reduces the number of man hours spent trawling through several security systems to gather figures for executive reports.”

Janet Eivers

Digital Compliance Manager
Salford Royal NHS Foundation Trust

Results

The Assurance Dashboard Solution has streamlined many routine security and compliance processes for SRFT, not limited to:

  • Hardware and software identification and management
  • Patch management visibility across the hardware and software estate
  • User identification and user trends for capacity management
  • CareCERT compliance monitoring
  • Management reporting

SRFT benefit from the solution in the following ways:

  • Being confidently assured at all times – the Trust can always access a truthful, reliable and near real-time picture of its network.
  • Enhanced security through increased network visibility – vulnerability and compliance issues can be more easily pinpointed, prioritised and addressed.
  • Swifter remediation – the Dashboard flags priority areas and allows dynamic, exportable work lists to assist user workflows.
  • Huge reduction in time spent on routine tasks – the IT team can focus their efforts on more beneficial projects.

“What I like best is that this system takes away any guesswork and opportunity for error in reporting; it presents a picture of the network and systems as they really are – making it easier to visualise risks and present accurate solutions”, concludes Janet Eivers, Digital Compliance Manager.

“We’ve had a positive service experience from ITHealth, including a hassle-free deployment. The ITHealth team clearly understand our challenges and continue to assist us to get the most of the Dashboard solution.”

Sean Devine

Infrastructure Manager
Homerton University Hospital NHS Foundation Trust

You may also be interested in…

View all case studies

Take the next step

We’re here to help. Get in touch to discuss your cyber security challenges.

Prefer to talk? Just call us on 0115 987 6339.