NHS Digital – Customer Case Study
Customer Overview
Industry:
Healthcare
Type and number of NHS organisations supported:
33 Hospital and Mental Health Trusts, Ambulance Trusts, CCG and Arms Length Bodies.
Delivered:
2018 – 2021
A Summary of our Work
As a strategic supplier to the NHS, Templar Executives provides Cyber Operational Readiness Support (CORS) to the national Programme.
CORS incorporates full enterprise architecture reviews, Cyber Essentials Plus gap analysis, Supply Chain and Risk Assessments, Strategy, Policy and Process Reviews along with Cultural and Communications interventions.
We work in close collaboration with Trusts and NHS organisations across the length and breadth of England.
Background
The Lessons Learned Review of the WannaCry Ransomware Cyber attack, exposed many vulnerabilities that needed to be addressed to improve the Cyber Security of the NHS. It is no longer sufficient to monitor and manage Cyber risk, work is also required to mitigate and to pre-empt it, as part of future-proofing the NHS.
Additional Challenges
COVID-19 saw an increase in Cyber threats, ranging from scam websites offering fake Personal Protection Equipment (PPE), through to ransomware attacks targeted directly against the healthcare sector. The rapid rollout of remote working, together with the increased threat, placed intense pressure on System architecture which made CORS and increased NHS resilience even more critical.
Business Benefits
- Boards and Senior Leadership teams came to recognise and understand the role of Cyber Security in the resilient delivery of patient care and for future-proofing their organisations.
- Each of the organisations is now on the pathway to CE+, with some very competent Trusts close to achieving it.
- Staff were equipped with the knowledge, awareness, and tools to develop and operationalise a Cyber Security Cultural Transformation Strategy, sponsored by the SIRO and delivered collaboratively.
- Organisations were furnished with Cyber Security Crisis plans to include stock lines to take in the event of an incident.
- Raised awareness of the Cyber Security implications of the way in which medical equipment is monitored and managed, leading to improved processes and closer engagement with the IG function.
- Improved reporting of Cyber incidents.
- Procurement staff and the Senior Leadership Team were furnished with tools, resources, and advice to improve Cyber Security resilience in the supply chain and given clear prioritisation indicators to enable ongoing monitoring.
Solution
Templar Executives Leadership and Governance Specialists mentored NHS Senior Information Risk Owners (SIROs) and provided an in-depth review of Information Governance (IG) policies with recommendations to attain best practice standards.
Operational Specialists mentored ICT departments to develop their strategic thinking around Cyber Security, with a focus on areas of remediation to achieve Cyber Essentials Plus (CE+) and Data Security Protection Toolkit (DSPT) compliance. This included development and sharing of risk concepts and frameworks for the management of Cyber Essentials risk.
Working directly with IG and Communications teams, we supported the teams to deploy more effective messaging to support Cyber Security processes and practice. This included guidance for a more targeted approach, including delivering bespoke content over a range of channels and using audience-appropriate authors and voices to represent and engage the multiple disciplines.
Clinical Specialists provided mentoring and support to help clinical leaders improve Cyber Security maturity across the clinical population and to establish understanding of the impact of Cyber risks on clinical risks, through the lens of patient safety and care.
We provided support and advice, including Cyber and Information Security throughout the procurement lifecycle, from Procurement strategic plans to individual contract exit.
This was underpinned by our NCSC certified e-Learning course for NHS Information Asset Owners (IAOs) and our NCSC certified e-Learning course tailored for clinicians.
For more information about how we can support you improve Cyber resilience in your healthcare organisation contact us.