NHS Digital on how its Secure Boundary is protecting trusts from cyberthreats

Written by Rosie Underwood on 9 July 2020 in Opinion
Opinion

The perimeter security programme is already protecting thousands of NHS services and wants to work with more trusts, according to Rosie Underwood

Credit: Yui Mok/PA Archive/PA Images

NHS Secure Boundary is a powerful cybersecurity tool that gives NHS organisations the chance to control what passes in and out of their digital estate.

Organisations can benefit from secure filtering for web content, next generation firewalls, secure DNS services and data-loss prevention, among other things.

Last summer, we announced the delivery of NHS Secure Boundary and our partnership with Accenture, Palo Alto Networks and Imperva. Since then, we have worked with a range of organisations to gather vital feedback on their onboarding experience so that we could learn the best way to extend the solution across the wider estate.

We now have 15 trusts live on the platform with implementations scheduled through to the end of 2020. All 21 Consumer Network Service Providers (CNSPs) that manage internet traffic on the Health and Social Care Network (HSCN) are now live on NHS Secure Boundary and over a thousand NHS and care organisations that use them are benefitting from the protection that it offers.

Why Secure Boundary?
First and foremost, the platform is flexible. Organisations can choose from either or both of the firewalls on offer and we will walk them through each step of the onboarding process, providing support with a dedicated set of expert resources, tailored to their needs.

One of our early adopter trusts, York Teaching Hospitals Trust, had this feedback: 

“NHS Secure Boundary has given us an extra layer of security for our internet access at almost zero cost for our trust, saving potentially hundreds of thousands on a similar product if we’d had to buy it in ourselves. Its next-generation firewall, which identifies potential threats early on and reduces our risk of exposure to hackers, was really appealing to us and the fact that NHS Secure Boundary helps to fulfil the Cyber Essentials+ and Data Security and Protection Toolkit requirements was also a big bonus. 

There are over a thousand organisations on HSCN in total, running approximately 7,500 internet-facing services across the country.  All of these pass through NHS Secure Boundary, giving front-line clinicians the ability to securely access more timely information

“We’ll be using NHS Secure Boundary’s Web Application Firewall, which will protect all of our external-facing web services from potentially malicious inbound access requests. This means that we will be able to host our patient administration systems on our own network, and both community workers and sanctioned external organisations will be able to securely access them from wherever they are. So, this will enable a much more mobile and connected workforce, allowing clinical information to be available securely at the point of care, be that on our premises or at a patient’s home.”

A bird’s eye view 
Secure Boundary also gives the NHS a chance to see a broader picture centrally of what is happening with internet traffic. The more we can see across the NHS system, the better we can scan for potential threats in real time, detecting and neutralising them to help NHS organisations to protect themselves.  

It allows us to react much quicker to events across the estate and provides us with visibility and intelligence. So, during the pandemic, for example, this enabled us to block over 100,000 malicious domains as we increased the capacity of the platform to support the increase in internet traffic during Covide-19.

The NHS Secure Boundary also supports essential programmes, such as HSCN and Internet First, by helping to modernise security for organisations’ access to the internet, even on mobile devices. 

There are over a thousand organisations on HSCN in total, running approximately 7,500 internet-facing services across the country.  All of these pass through NHS Secure Boundary, giving front-line clinicians the ability to securely access more timely information and therefore make more informed decisions about patient care, even if they are not on site.

Next steps
NHS Secure Boundary is continually improving, with an innovation fund built into the programme to explore new and emerging technologies.  

There is a centrally funded two-year programme to onboard organisations with a dedicated team on hand to manage and support them, which started in January 2020. 

NHS Secure Boundary complements and supports the other services provided by NHS Digital’s Data Security Centre to help mitigate the risks we identified in our analysis of the wider system. These include Microsoft Advanced Threat Protection, our email filtering service, the Cyber Security Support Model, our workforce simulated phishing campaigns and our board level-training, providing both physical protection from threats and better awareness of cyber issues for staff. 

 

 

 

This article is part of PublicTechnology's Cyber Week, a dedicated programme of content focused on the threats facing the public sector and the country at large, and how government can best respond. Throughout the week, which is brought to you in association with CyberArk, we will publish interviews, features, analysis and exclusive research looking at - in chronological order - the cyber landscape for defence and national security, businesses, citizens, the NHS, and, finally, central and local government. Click here to access all the content in one place.

 

About the author

Rosie Underwood is programme manager for NHS Secure Boundary at NHS Digital

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Personal data of all Welsh coronavirus cases compromised in breach
15 September 2020

Public Health Wales says leak that affected more than 18,000 people to have tested positive was attributable to ‘human error’

GDS annual programmes cost £5m less than expected
6 August 2020

Cabinet Office annual report shows digital agency also brought in more than £2m in extra revenue

‘Policing is not set up for a world in which so much crime is committed online’
29 July 2020

Major review of police across England and Wales finds forces are ill-equipped to cope with the huge rise in recent years of cyber offences

Doctors’ union to review use of video consultations
17 September 2020

BMA board will examine how best to use technology going forward and calls for government to take heed of its findings

Related Sponsored Articles

Digital inclusion is vital during the COVID-19 accelerated channel shift
22 September 2020

Accessibility requirements aren’t restrictions that need to be overcome - they’re guidelines to improve online experiences for everyone, says Jadu VP Richard Friend

Intelligent Spend Management in the Public Sector
24 September 2020

SAP Concur says it's time for the public sector to embrace more efficient invoice management technology

IT Resilience: The Key to a Successful Digital Transformation
22 September 2020

Steve Blow, tech evangelist at Zerto, explains why digital transformation efforts could be futile if local authorities don’t address and improve their IT resilience