27.11.17
NHS Digital to launch £20m cyber defence centre complete with ‘ethical hacking’
A new cyber security service with a £20m budget will be launched by NHS Digital in an attempt to battle against digital security threats.
The Security Operations Centre (SOC) will monitor national health and care services and will give officials a better view on what guidance and advice to offer.
This will include a monitoring service which analyses information on different threats and keeps the appropriate organisations and individuals prepared for the cyber-attacks they are most likely to experience.
There will also be on-site security assessments for NHS organisations as well as specialist support. This is aimed at identifying potential weaknesses and then swiftly dealing with potential incidents.
NHS Digital is currently looking for a partner in the project which would provide expertise on digital security, system testing and ‘ethical hacking’ – a process where someone tries to hack a system to see if the security is capable of dealing with it.
Dan Taylor, the organisation’s head of the Digital Security Centre, explained: “The SOC will enhance NHS Digital’s current data security services that support the health and care system in protecting sensitive patient information.
“The partnership will provide access to extra specialist resources during peak periods and enable the team to proactively monitor the web for security threats and emerging vulnerabilities.
“It will also allow us to improve our current capabilities in ethical hacking, vulnerability testing and the forensic analysis of malicious software, and will improve our ability to anticipate future vulnerabilities while supporting health and care in remediating current known threats.”
The security expert is also hoping that, by creating a national, near-real-time monitoring and alerting service that covers the whole health and care system, “the SOC will drive economies of scale, giving health and care organisations additional intelligence and support services that they might not otherwise be able to access.”
The new measures follow the WannaCry cyber-attack earlier this year, which hit a large number of trusts across the country and locked people out of services, demanding a $300 ransom fee.
After the attack, it was revealed that more could have been done to reduce vulnerability on the systems, but the Department of Health reportedly failed to react to warnings given a year before.