Project overview
Cyber attacks against the healthcare industry are rising which, in turn, increases the importance of robust security measures and more stringent compliance regulations. This dichotomy puts enormous pressure on NHS IT teams – which often tend to be smaller than IT teams of enterprise organisations of equivalent size. Often lacking in cyber specialist resource and budget, they become over-stretched and time-deprived. Here we find out how East London NHS Foundation Trust worked with ITHealth and Sophos to maximise resource and streamline processes, whilst enhancing security and increasing its levels of assurance.
East London NHS Foundation Trust (ELFT) has long been recognised as a centre of excellence for mental health care, innovation and improvement. Its core area includes City of London, Hackney, Newham, Tower Hamlets, and Bedfordshire and Luton, including a number of specialist services being delivered further afield. With over 6,000 staff, the Trust provides mental health and community health services from over 100 community and inpatient sites, serving a population of around 1,000,000.
Challenge
ELFT’s IT team cater for a large and diverse Trust across multiple sites. Recognising the growing sophistication of cyber attacks, the Trust was keen to tighten up on security defences. Whilst enhancing security, ELFT also wanted to streamline processes and improve efficiencies to maximise resource and productivity.
The IT team was managing multiple consoles and dashboards for various solutions which was proving a drain on resource; this was quickly identified as an area for improvement. The Trust also realised it didn’t have a single view of its assurance against vulnerabilities. To ascertain assurance levels required manually collating findings from multiple systems which made vulnerability and assurance management a complex and timely process.
“Our previous security solutions were taking a lot of time to manage. We knew we had to find smarter ways of working without compromising security – only enhancing it.”
Daniel Woodruffe
Former Chief Information Officer
East London NHS Foundation Trust
Solution
ELFT began working with ITHealth in January 2017 when it invested in Sophos Intercept X (the award-winning anti-exploit, anti-ransomware endpoint solution). The Intercept X implementation included ITHealth migrating the Trust from SEC (Sophos Enterprise Console) to Sophos Central (the cloud-based endpoint and server management platform). Now AV, Intercept X, UTM, Server Advanced, and web appliance all run off a unified console; all Sophos products are managed and administered from a single web interface and there’s no need to maintain or update an on-site server.
When WannaCry hit in May 2017, ELFT were unaffected. However, despite not being hit, the attack increased awareness of the importance of robust security measures and encouraged ELFT to make further proactive investments.
In November 2017, ELFT had come to realise how ITHealth’s NHS IT security focus and level of expertise was benefitting its organisation, so they opted for Sophos enhanced support from ITHealth. Accredited to the highest level of Sophos partnership, ITHealth’s partner status meant its enhanced support gave ELFT: unlimited calls to the ITHealth service desk, access to ITHealth’s Sophos accredited technicians and their direct line to Sophos’ 3rd line support, as well as on-site consultation visits. Soon after, in January 2018, the service was further upgraded and ITHealth now provide a fully managed service for all Sophos products. ITHealth’s technical consultants act as an extension of ELFT’s own IT team – proactively ensuring the Sophos systems run optimally, conform to best practice, and that ELFT get the most out of their investments made in Sophos.
More recently, ELFT have come to benefit from ITHealth’s Assurance Dashboard Solution – a solution which provides a single, unified dynamic view of the vulnerability and assurance levels that exist throughout ELFT’s IT estate. A key feature that particularly benefits ELFT is the automation of nearly all NHSD CareCERTs. CareCERT alerts, as they are released, are fed into the Dashboard which then allows rapid assessment of infrastructure risk levels related to each alert. ELFT, with ITHealth, now proactively manage all vulnerabilities and can confidently report assurance levels to the board through detailed monthly reports provided by ITHealth.
Additionally, ELFT’s CIO Daniel Woodruffe can access the Dashboard at any time and see at-a-glance a dynamic view of the assurance and vulnerability levels of the ELFT IT estate without having to ask his team for a report.
“The ITHealth Assurance Dashboard gives us clarity on the true level of vulnerabilities that exist within our IT estate and helps us to proactively address them.”
Daniel Woodruffe
Former Chief Information Officer
East London NHS Foundation Trust
Results
The managed service provided by ITHealth for Sophos products and the Assurance Dashboard Solution has led to numerous benefits to the Trust, not limited to the following:
Vital time returned to the IT team – parts of ELFT’s cyber strategy have been directly outsourced to ITHealth freeing up team resource. The IT function can now start to focus on more beneficial projects, as opposed to routine tasks.
Simplified, yet strengthened security management – the unified Sophos cloud-based console and ITHealth Assurance Dashboard Solution streamline security management whilst providing in-depth security insight and vital protection.
Protected against ransomware – the cryptoguard and deep-learning technology used in Intercept X ensures ELFT benefits from the most advanced anti-ransomware technology available in the marketplace.
Assured at all times – the Assurance Dashboard gives ELFT a near real-time view, accessible any time, of the assurance levels of its IT estate. Reports also demonstrate that appropriate action is being taken to minimise risk of outbreaks, monitor downtime, ensure patches are up to date, etc.
Trusted security advice from NHS and IT security experts – ITHealth accredited technicians have been working in the IT security industry specifically with NHS infrastructures and systems for over 25 years and now act as an extension to ELFT’s own IT team.
ELFT are currently in discussion with ITHealth about how it can now improve clinical workflow optimisation through use of single sign-on technology
“We value our relationship with ITHealth. They have an unrivalled understanding of NHS IT infrastructures and challenges and we trust the advice and support they continue to offer.”
Daniel Woodruffe
Former Chief Information Officer
East London NHS Foundation Trust