Helping NHS organisations meet key DSPT criteria ahead of June deadline

May 09, 2023

Helping NHS organisations meet key DSPT criteria ahead of June deadline

To ease the difficulty in obtaining accurate medical device information for pending NHS DSPT submissions, Cynerio and ITHealth have teamed up to offer an easy, obligation-free service. Read on to learn more.

With June’s Data Security and Protection Toolkit (DSPT) submission deadline approaching quickly, many NHS organisations are beginning to learn the challenges related to discovering and documenting connected devices. Non-IT devices such as IoT, OT and unmanaged IT are of particular concern as they are present in greater numbers and often with less rigid tracking compared to their IT brethren.

In an effort to better define the challenges linked to the devices, particularly as they relate to DSPT compliance, the Cynerio and ITHealth teams recently partnered with 14 NHS Trusts to study their device landscape. The resulting findings have been published in ‘The State of NHS Trust IoT Device Security’ report.

The study paints a clear picture on the challenges that NHS Trusts are facing both in terms of understanding what is connected to their network and the risks they introduce. Among the core findings are:

    • 25%-45% of devices in NHS Trust environments are IoT, IoMT, OT or unmanaged IT
    • 46% of devices had at least one known risk that was unaddressed
    • WannaCry related vulnerabilities existed unpatched in 2% of devices

The broader set of findings paints a clear picture of the device security landscape in NHS organisations. In short, the WannaCry attacks of 2017 have delayed widespread adoption of connected devices in a way that has lessened the cyber-attack impacts seen among early adopters. Unfortunately, those risks are quickly rising in the UK as the benefits of connected devices to patients outweigh the conservative approach to deploying the devices.

Dedicated DSPT Dashboards from ITHealth and Cynerio

In the same vein, many NHS Trusts are building upon DSPT requirements related to IoT, OT and unmanaged IT devices to advance their cyber security efforts. Based on this study and efforts with dozens of other NHS Trusts, ITHealth and Cynerio continue to evolve their dashboards to ease DSPT compliance and extend those efforts into more mature cyber security practices. Among the most common benefits noted by NHS Trusts are:

    • Automated, high-fidelity inventory of all devices (IT, IoT, OT, unmanaged IT, etc)
    • Real-time DSPT dashboard
    • Automated, DSPT submission-ready reports
    • Deeper risk insight at the device and network level
    • Actionable, prioritised guidance for addressing risk
    • Day One protections against cyber-attacks often missed by in-place systems
    • Lightweight, low touch deployment


    No cost, obligation-free DSPT insight offer

    While deeper security protections are a long-term goal, the immediacy of meeting June DSPT submission requirements is the most pressing issue for many NHS Trusts. To ease this process, ITHealth and Cynerio are offering no cost, obligation-free DSPT deployments to NHS organisations. A two-week deployment of a collector will automatically identify all IoT, OT and medical devices, provide access to a DSPT dashboard, and generate submission-ready reports. For those looking to further their security journey, it will also provide insight and prioritised remediation guidance for all identified device risks and vulnerabilities.

Take the next step

If you would like to take advantage of this no-obligation offer and benefit from having complete understanding into your governance and risk then contact us below.

    Leave a Comment

    Get all the latest news direct to your inbox


    View all news