New framework to protect NHS against cyber threats

A new free to access procurement framework has launched to help the NHS and wider public sector manage cyber risks and recover in the event of a cyber security incident.

The Cyber Security Services Framework has been developed by NHS Shared Business Services (NHS SBS), providing value-for-money access to 25 carefully selected suppliers specialising in managing cyber risks, recovering from attacks, cyber consultancy and security personnel.

Developed in partnership with NHS Digital and the National Cyber Security Centre (NCSC), the framework addresses the Department of Health and Social Care’s Cyber Security agenda and complements services already available from NHS Digital’s Data Security Centre.

The framework, which is set to run until May 2022 (with an option to extend for a further two years), has three lots and an estimated value of £250 million. It is open to NHS and other public sector organisations, including local authorities, emergency services and schools.

Lot 1 is emergency cyber incident management, aimed at helping organisations find support in dealing with a crisis or large scale incident quickly. Lot 2 is cyber consultancy services for ad hoc or ongoing support such as security testing and data security assessments. Lot 3 is for the supply of specialist personnel to back up in-house security capabilities.

The 25 specialist suppliers on the framework were awarded after a comprehensive and fully OJEU (Official Journal of the European Union) compliant procurement exercise. They include a range of multinationals and SMEs to suit all needs. It means that NHS and other public sector organisations can directly award contracts without the need for a complex and time-consuming procurement process, or run mini competitions to meet any bespoke requirements and drive further competitive pricing.

The new Cyber Security Services Framework is part of a growing portfolio of digital and IT agreements managed by NHS SBS, including Cloud Solutions, Link: Hardware, Link: Solutions, IT Consultancy and Healthcare Clinical Information Systems.

Phil Davies, director of Procurement at NHS SBS, said: “The launch of this new framework is particularly timely as the Covid-19 pandemic has prompted a new wave of cyber-attacks and scams. We welcomed the opportunity to partner with NHS Digital and look forward to continuing our collaborative relationship to ensure the agreement meets national cyber needs.

“Technology plays a huge part in the way the NHS delivers patient care so it is vital that healthcare providers keep data secure, whilst being prepared for and resilient against attacks. The NHS and public sector has been proactive in harnessing improvements in cyber security since the WannaCry attacks in 2017 but there is still more work to be done. This framework provides a sustainable and trusted solution to help organisations meet the challenges around cyber security head on.”