NHS Digital on how its Secure Boundary is protecting trusts from cyberthreats

Written by Rosie Underwood on 9 July 2020 in Opinion

The perimeter security programme is already protecting thousands of NHS services and wants to work with more trusts, according to Rosie Underwood

Credit: Yui Mok/PA Archive/PA Images

NHS Secure Boundary is a powerful cybersecurity tool that gives NHS organisations the chance to control what passes in and out of their digital estate.

Organisations can benefit from secure filtering for web content, next generation firewalls, secure DNS services and data-loss prevention, among other things.

Last summer, we announced the delivery of NHS Secure Boundary and our partnership with Accenture, Palo Alto Networks and Imperva. Since then, we have worked with a range of organisations to gather vital feedback on their onboarding experience so that we could learn the best way to extend the solution across the wider estate.

We now have 15 trusts live on the platform with implementations scheduled through to the end of 2020. All 21 Consumer Network Service Providers (CNSPs) that manage internet traffic on the Health and Social Care Network (HSCN) are now live on NHS Secure Boundary and over a thousand NHS and care organisations that use them are benefitting from the protection that it offers.

Why Secure Boundary?
First and foremost, the platform is flexible. Organisations can choose from either or both of the firewalls on offer and we will walk them through each step of the onboarding process, providing support with a dedicated set of expert resources, tailored to their needs.

One of our early adopter trusts, York Teaching Hospitals Trust, had this feedback: 

“NHS Secure Boundary has given us an extra layer of security for our internet access at almost zero cost for our trust, saving potentially hundreds of thousands on a similar product if we’d had to buy it in ourselves. Its next-generation firewall, which identifies potential threats early on and reduces our risk of exposure to hackers, was really appealing to us and the fact that NHS Secure Boundary helps to fulfil the Cyber Essentials+ and Data Security and Protection Toolkit requirements was also a big bonus. 

There are over a thousand organisations on HSCN in total, running approximately 7,500 internet-facing services across the country.  All of these pass through NHS Secure Boundary, giving front-line clinicians the ability to securely access more timely information

“We’ll be using NHS Secure Boundary’s Web Application Firewall, which will protect all of our external-facing web services from potentially malicious inbound access requests. This means that we will be able to host our patient administration systems on our own network, and both community workers and sanctioned external organisations will be able to securely access them from wherever they are. So, this will enable a much more mobile and connected workforce, allowing clinical information to be available securely at the point of care, be that on our premises or at a patient’s home.”

A bird’s eye view 
Secure Boundary also gives the NHS a chance to see a broader picture centrally of what is happening with internet traffic. The more we can see across the NHS system, the better we can scan for potential threats in real time, detecting and neutralising them to help NHS organisations to protect themselves.  

It allows us to react much quicker to events across the estate and provides us with visibility and intelligence. So, during the pandemic, for example, this enabled us to block over 100,000 malicious domains as we increased the capacity of the platform to support the increase in internet traffic during Covide-19.

The NHS Secure Boundary also supports essential programmes, such as HSCN and Internet First, by helping to modernise security for organisations’ access to the internet, even on mobile devices. 

There are over a thousand organisations on HSCN in total, running approximately 7,500 internet-facing services across the country.  All of these pass through NHS Secure Boundary, giving front-line clinicians the ability to securely access more timely information and therefore make more informed decisions about patient care, even if they are not on site.

Next steps
NHS Secure Boundary is continually improving, with an innovation fund built into the programme to explore new and emerging technologies.  

There is a centrally funded two-year programme to onboard organisations with a dedicated team on hand to manage and support them, which started in January 2020. 

NHS Secure Boundary complements and supports the other services provided by NHS Digital’s Data Security Centre to help mitigate the risks we identified in our analysis of the wider system. These include Microsoft Advanced Threat Protection, our email filtering service, the Cyber Security Support Model, our workforce simulated phishing campaigns and our board level-training, providing both physical protection from threats and better awareness of cyber issues for staff. 




This article is part of PublicTechnology's Cyber Week, a dedicated programme of content focused on the threats facing the public sector and the country at large, and how government can best respond. Throughout the week, which is brought to you in association with CyberArk, we will publish interviews, features, analysis and exclusive research looking at - in chronological order - the cyber landscape for defence and national security, businesses, citizens, the NHS, and, finally, central and local government. Click here to access all the content in one place.


About the author

Rosie Underwood is programme manager for NHS Secure Boundary at NHS Digital

Share this page




Please login to post a comment or register for a free account.

Related Articles

‘Treated as suspects’ – ICO calls for end to excessive demands for personal data of rape victims
31 May 2022

Information commissioner tells forces to immediately stop gathering info in a manner he claims is putting a major dent in conviction rates

‘Remote monitoring and virtual wards’ – Javid unveils NHS tech transformation plan to clear Covid backlogs
29 June 2022

Health secretary claims that use of NHS app is ‘at the heart of’ strategy to reform health service

Ex-Whitehall top dog to join board of defence and security firm
27 June 2022

Former cabinet secretary Mark Sedwill has landed a non-executive role at BAE Systems

Russia: sanctions tightened on exports of monitoring and military tech
24 June 2022

New measures prohibit supply of any tech used for ‘internal repression’