The NHS appoints IBM in a three-year strategic partnership
The UK’s National Health Service (NHS) has appointed IBM in a new three-year strategic partnership to strengthen and improve present services.
With the increasing number of cyber-security threats, IBM will provide sophisticated data security technologies and additional defence tools. It will also be in alignment with the NHS Digital’s existing Cyber Security Operations Centre (CSOC) and bolster its capability to monitor, detect and respond to a multitude of security risks.
Such services will include:
- Vulnerability scanning and malware analysis, allowing NHS Digital to offer tailored and specialist advice to individual NHS organisations
- Enhancement of NHS Digital’s current monitoring capability enabling the analyses of data from multiple sources to detect threats across NHS Digital’s national systems and services
- Access to IBM’s X-Force repository of threat intelligence to provide insight, guidance, and advice so health and care organisations can take appropriate action to prepare for, or mitigate against, identified risks and threats.
- Security monitoring pilots across selected NHS organisations, to test a range of security technologies and identify appropriate solutions that could be rolled out across the NHS estate
- An innovation service which will allow NHS Digital to quickly access new tools technologies and expertise to address new threats as they emerge and to allow it to adapt services to meet the changing needs of the health and care sector.
“This partnership will build on our existing ability to proactively monitor for security threats, risks, and emerging vulnerabilities, while supporting the development of new services for the future and enabling us to better support the existing needs of local organisations. This will ensure that we can evolve our security capability in line with the evolving cyber threat landscape,” explained Dan Taylor, Programme Director, Data Security Centre at NHS Digital.
“This partnership will strengthen how we help to keep patient information and services safe and secure, enabling NHS staff and patients to have confidence in the security of our system.”
It follows on from the WannaCry attack in 2017, which revealed the urgent need for the NHS to upgrade its outdated IT infrastructure and strengthen its data security capabilities.
“The NHS faces data protection challenges which are not only presented by the transition from paper to electronic, but also by the rapid pace of the technological changes available to it. Some technical examples are incorporating virtualisation and cloud computing,” explained Graeme Stewart, Director of Public Sector UK&I at Fortinet
“A medical record is worth 10 times a credit card number on the black market, making them very valuable targets. It’s no wonder that 34.4% of all breaches worldwide are hitting the healthcare industry. From digitising patient records to medical devices and wearables, all these are expanding the attack surface.”
- GDPR - Is healthcare ready?
- Building trust in healthcare, AI and automated decision-making
- Microsoft brings two significant players on board to further transform healthcare
“The diverse nature of healthcare enables different devices to access the Internet (even though they are not designed for this) making them easy targets; with many outdated applications and systems that don’t include security as a priority.”
Impacting up to a thousand health facilities and leading to the cancellation of 20,000 hospital appointments and operations, the service has now signed a deal with Microsoft regarding its Windows XP systems, which was not renewed in 2010, to ensure its security features remain robust. The partnership with IBM will therefore support this and enable the NHS to undertake a number of pilots in the process.
“The NHS is relying on legacy systems, so they are completely underequipped for a cyberattack,” notes Simon Townsend, CTO, EMEA at Ivanti.
“The post-breach reporting process requires organisations to demonstrate how they were prepared for a data breach, but then why the attack got in anyway; they also need to communicate with all customers (or patients) effected, articulating a remediation plan; they need to run through their remediation plan, fix the breach and lock down all leaked data; and they also need to provide an in-depth report to the relevant “supervisory authority” of their EU member state.
“All in 72 hours. This simply isn’t possible if, as in the case of some trusts, you’re relying on an operating system that hasn’t seen a release for sixteen years,” he says candidly.
“WannaCry was so damaging as some trusts were using unpatched Windows 7 systems and some were using completely unsupported Windows XP systems.
“In 2004, the Office for Government Commerce signed a deal with Microsoft to provide all desktop software within the NHS – from operating systems to Office programmes. The NHS had the latest of everything and were kept secure and patched up with help from Microsoft. Then, in 2010, around the time that the austerity period began, the government scrapped the agreement. The NHS had been using £270mn worth of Microsoft software for less than £65mn a year, so were unable to cope, and individual trusts were effectively left to fend for themselves,” he continues.
“Post WannaCry, the NHS did sign a new agreement, specifically for cybersecurity, with Microsoft – the custom support agreement and Enterprise Threat Detection Service (ETDS) provided the NHS with patches and updates for all existing Windows devices operating as XP, Windows Server 2003 and SQL 2005.”
“However, in January of this year, it was exposed that only 2% of the NHS had actually deployed the ETDS.
Jvion launches AI-powered map to tackle mental health crisis
Clinical AI company Jvion has launched an interactive map of the US that highlights areas that are most vulnerable to poor mental health.
The Behavioral Health Vulnerability Map uses Jvion's AI CORE™ software to analyse public data on social determinants of health (SDOH) and determine the vulnerability of every US Census block group.
Vulnerability refers to the likelihood that residents will experience issues like self-harm, suicide attempts or overdoses. The map also identifies the most influential social determinants in each region, to show the social and environmental conditions that contribute to mental illness.
As an example, the map shows that Harrison County in Mississippi has a 50% higher suicide rate than the rest of the state. It also shows a high percentage of individuals in the armed forces at a time when active duty suicides are at a six-year high, along with a high prevalence of coronary artery disease, arthritis, and COPD, all chronic illnesses that are linked to a higher suicide risk.
The map also shows Harrison County has a high percentage of Vietnamese Americans, who studies suggest have high rates of depression and may be less likely to seek help from mental health professionals.
The map was built using the same data and analytics that Jvion used to create the COVID Community Vulnerability Map, which was launched towards the start of the pandemic.
With this new map, Jvion is aiming to tackle the growing mental health crisis in the US. “At a time when so many Americans are struggling with their mental health, we’re proud to offer a tool that can help direct treatment resources to the communities that need it most,” said Dr John Showalter, MD, Jvion’s chief product officer, who led the development of the map.
“For too long, the healthcare industry has struggled to address social determinants of health, particularly in the context of behavioural health. Our hope is that by surfacing the social and environmental vulnerabilities of America’s communities, we can better coordinate our response to the underlying conditions that impact the health and wellbeing of people everywhere.”