The health service’s central nationwide body has put in place an agreement of up to three years in length, and covering a variety of tweaks and updates to IT defences

NHS England has awarded a multimillion-pound contract for a supplier to boost the health service’s security credentials with a range of “cyber technical remediation services”.

On 22 April, the national body – which is to be abolished and absorbed into government – entered into an initial two-year agreement with cyber and IT firm MTI Technology. The deal, which can be extended for a further 12-month term, is valued at £11.9m, inclusive of VAT.

Under the heading “cyber next generation”, the engagement covers a variety of support offerings to be provided to specialist team within NHS England’s dedicated to security remediation and upgrades.

Related content

• Cancelled appointments top 6,000 but NHS claims most services now ‘near normal’ after cyberattack
• NHS signs £500m combined cloud hosting deal
• Data from three NHS hospitals accessed in Liverpool cyberattack

According to a newly published commercial notice, services to be delivered by the tech provider include: “secure backup review; secure backup reassessment; active directory security review; multi-factor authentication policy gap [services]; analysis and planning; network segmentation review; vulnerability management maturity assessment; role-based authority (RBA) accelerator;… RBA accelerator – server zoning extension; [and] bespoke technical remediation”.

Services will be delivered in accordance with statements of work to be issued by the NHS cyber team over the course of the contract, all of which “will be subject to individual governance and business case approvals”, the notice says.

The document adds that MTI – which is owned by printer manufacturer Ricoh – was one of two companies to bid for the contract. The deal was awarded via the £1bn Cyber Security Services 3 framework.