After the WannaCry disaster, the NHS wants a cybersecurity partner to create a security operations centre (SOC), in a deal set to be worth £20 million.
A contract notice published by NHS Digital shows plans to select a “strategic partner” that will develop and support the SOC for three years.
In a statement, NHS Digital said the agreement would provide “enhanced monitoring of national services” and also bolster the NHS’ ethical hacking capabilities.
Dan Taylor, head of the digital security centre at NHS Digital, said: “The partnership will provide access to extra specialist resources during peak periods and enable the team which would proactively monitor the web for security threats and emerging vulnerabilities.
“It will also allow us to improve our current capabilities in ethical hacking, vulnerability testing and the forensic analysis of malicious software, and will improve our ability to anticipate future vulnerabilities while supporting health and care in remediating current known threats.
“By creating a national, near-real-time monitoring and alerting service that covers the whole health and care system, the SOC will drive economies of scale, giving health and care organisations additional intelligence and support services that they might not otherwise be able to access.”
NHS Digital will invite five or six suppliers to tender for the contract, with the deadline for suppliers to express interest set for 20 December.
NHS Digital expects to invite potential suppliers to tender on 15 January next year.
The NHS had a rough time after the network was taken down by the WannaCry virus, which was blamed on the outdated and unsupported operating systems used by NHS organisations.
Flying Binary has come up with a product to allow NHS trusts to consolidate their data in readiness for GDPR by buying an Analytics Private Health Data Vault service.
Flying Binary says its Analytics Private Health Data Vault service can be bought through the G-Cloud 9 app store.
The outfit said the service helps with GDPR compliance of a trust’s applications and with decommissioning legacy systems, and tinkers with patient data to enable operational health analyses and a single view of patient data.
GDPR, the General Data Protection Regulation, is one of those EU-crafted data storing regulations which the UK will still adopt. It comes into force in May 2018, specifying how organisations holding personal data process and control it.
What this means is that the Trusts can buy a GDPR-compliant PACS system from Flying Binary which is based on Commvault’s Clinical Archive offering. Their legacy data is accessible through it and available for bulk migration.
Last year’s reply-all cock-up by the NHS, in which 500 million emails were sent across the health service’s network in just 75 minutes, is being blamed on outsourcer Accenture.
On 14 November a senior associate ICT delivery facilitator sent a test message on what was thought to be a local distribution list she had created. However, it instead went to all 850,000 people with an NHSmail email account.
The blank message, sent early in the morning with a subject line that simply read “test”, was sent to a distribution list called “CroydonPractices”. Around 80 promptly replied and demanded that they be removed from the list, which was when trouble really began.
An official report into the meltdown said that NHSmail’s Dynamic Distribution List (DDL) allows administrators to create distribution lists using a range of options and rules.
The local admin selected the “only in my organisation” rule, which she thought would restrict the distribution list to her South London clinical commissioning group.
However, a software configuration error meant that the system applied an ‘All England’ rule rather than one including only the administrator’s organisation. The administrator would not have known that this had occurred.
The NHS report blames Accenture for not having failsafes in place that would have prevented the fiasco. The system’s design requirement was that “strict controls must be in place to limit the volume of any one email sent by an individual user or local administrator.” This was something that Accenture had not come up with.
The ability to create DDLs of similar forms will remain disabled until NHS Digital is satisfied this has been delivered, the report said.
It is starting to look like a whole clutch of NHS IT projects are about to turn into embarrassing turkeys and gobble their way to the Treasury to look for more cash or be carved up before Christmas.
The increasingly expensive GP Extraction Service IT system has been deemed “not fit for purpose” by the government’s spending watchdog. For those who came in late, the GPES IT system was supposed to extract data from all GP practices in England.
All a great idea but costs have gone from £14 million to £40 million. More than £5.5 million of that has been wasted on write-offs and delay costs.
The ever grumpy National Audit Office (NAO) noted that the GPES has so far managed to provide data for just one customer, NHS England, and even that was four years later than originally planned.
However the NAO said the need for the service remains and further public expenditure is required to improve or replace it.
The NAO said additional costs have been incurred through a settlement with one of the main suppliers, Atos.
According to the Major Projects Authority, NHS IT remains in a poor state, with the Department of Health having the highest number of IT projects rated as “unachievable”.
On the list set for more woe is the Care.data programme, the NHS Choices website, and the department’s new network project.
The new e-Referrals system was also pulled offline recently meaning that hospitals and GPs across England had to resort to fax machines in order to refer patients.
NHS Trusts are insisting on keeping Windows XP machines despite concerns that they are about as secure as a celeb’s naked picture on the iCloud and have cost £5.5 million in support from Microsoft.
According to Citrix, the mobile workspace company, which filed a Freedom of Information Act request to get its data, all of the 35 NHS Trusts are still using Windows XP and just five are using desktop virtualisation technology to handle migration away from it.
Jason Tooley, UK country manager at Citrix, said that like the rest of the public sector, the NHS is under tremendous pressure to do more with less and the IT department is no exception.
He called on NHS trusts across the UK to harness technology today to transform IT processes for the better. Using IT — including desktop and application virtualisation — can positively impact the entire workplace, delivering increased productivity and ultimately improved patient care.
Microsoft announced Windows XP’s end of life on 8 April 2014 but the British government has an extension on support until 8 April 2015. With this in mind, more than 74 percent of the trusts surveyed admitted their last devices wouldn’t be migrated until March 2015.
Another 14 percent are unsure when they will transition their last computer away from Windows XP and in addition to the five that are already using virtualisation, just two more plan to take a similar path before the deadline.
There are rumours that the UK government could end up signing another extension with Microsoft to provide a second year of support and it’s likely to cost the same £5.5 million it shelled out for help this year.
Under that deal, Vole provides security updates for the 12-year-old OS as well as Office 2003 and Exchange 2003 for the entire UK public sector, and a similar deal was signed by the Dutch government for the same level of support.
Word on the street is that the UK government may wait for Windows 10 to come to its rescue and there’s a distinct possibility we will be talking about an NHS stuck on Windows XP this time next year.
The NHS has purged the Oracle backbone from a national patient database system and recommended a course of Open Sauce NoSQL running on an open-source stack instead.
Dubbed Spine2, the new Ellison-free backbone has gone live on x86 hardware. Spine is the NHS’s main secure patient database and messaging platform. It is a bit of serious technology logging the non-clinical information on 80 million Brits.
It also runs a messaging hub between 20,000 applications that include the Electronic Prescription Service and Summary Care Records.
The first version of Spine had run on Oracle under an out-sourced contract managed by telecoms giant BT, but the Health and Social Care Information Centre (HSCIC) – the NHS organisation running the system – thought that open source and NoSQL would be easier to live with.
Oracle’s relational database has been replaced with a NoSQL distributed system called Riak, from Basho.
Other open-source elements are Redis, Nginx, Tornado and RabbitMQ, while Splunk has been used for logging and reporting.
The Spine2 contract was awarded under the Cabinet Office’s G-Cloud framework, which encourages government types to buy from small providers like Basho.
It seems to have been much cheaper too. Some of that is not having to pay an Oracle license or a maintenance fee, but some of it was also managed by consolidating the hardware.
Riak is up to two times cheaper than Oracle while the infrastructure will cost five per cent that of the old setup.
What is also odd is that HSCIC has saved money by bringing Spine2 back in house with on-going development. This is bad news for BT, but could be the start of a backlash against open sourcing.
Europe-wide austerity programmes and spending cuts are placing more and more pressure on healthcare providers and hospitals to shrink their spending, and a report from IDC Health Insights claims one viable option will be consolidating their IT systems.
Increasing efficiencies must be a priority for hospital procurement and implementation, IDC claims. They will be striving to offer the same level of care, quality and safety with fewer resources, so in turn, to stay afloat, they should offer services coordinated with other providers in their catchment areas.
Silvia Piai, IDC Health Insights EMEA research manager, said that in a resource-stretched scenario, keeping IT in line with long term business objectives is not an easy task. “Hospitals’ CIOs have to architect for reusability, interoperability, and scalability when implementing new enterprise and line of business solutions,” Piai said. “Just keeping the lights on for the existing systems will only drive them to a budget-cut vortex.”
Hospital IT departments are usually driven, IDC pointed out, by regulation compliance. Other aspects in chain management and governance are underestimated, and this leans on a hospital’s capabilities in risk management.
Top on the agenda for hospital CIOs at the moment is electronic medical records. Health information exchange focusing on cooperation with other providers “is still relatively low,” IDC said. High investments are being put into e-procurement, business intelligence and analytics.
Speaking with over 100 European hospital executives about their business priorities, IDC noted that pressure to reduce public expenditure is reflected in hospitals’ needs to improve performance and IT costs. Strong financial and legal penalties for failing to meet regulatory requirements in emerging areas such as data capture, retention, protection and security are ultimately determining the course of hospital IT investment.
IDC notes change management will include alternative governance models and this challenge is being underestimated in IT. It will bring together physicians and nurses from different care centres, IDC said, or changes in funding models that offer incentives for care and collaborative culture.