New framework to protect NHS from cyber attacks

NHS Shared Business Services procurement channel gives NHS access to 25 carefully-selected suppliers specialising in IT security

Healthcare organisations are increasingly being targeted by cyber criminals

A new free-to-access procurement framework has launched to help the NHS and wider public sector manage cyber risks and recover in the event of a cyber security incident.

The Cyber Security Services Framework has been developed by NHS Shared Business Services (NHS SBS), providing value-for-money access to 25 carefully-selected suppliers specialising in managing cyber risks, recovering from attacks, cyber consultancy, and security personnel.

Developed in partnership with NHS Digital and the National Cyber Security Centre (NCSC), the framework addresses the Department of Health and Social Care’s Cyber Security agenda and complements services already available from NHS Digital’s Data Security Centre.

Set to run until May 2022, with an option to extend for a further two years, the framework has three lots and an estimated value of £250m.

It is open to NHS and other public-sector organisations, including local authorities, emergency services and schools.

Phil Davies, director of procurement at NHS SBS, said: “The launch of this new framework is particularly timely as the COVID-19 pandemic has prompted a new wave of cyber attacks and scams.

Technology plays a huge part in the way the NHS delivers patient care, so it is vital that healthcare providers keep data secure while being prepared for and resilient against attacks

“We welcomed the opportunity to partner with NHS Digital and look forward to continuing our collaborative relationship to ensure the agreement meets national cyber needs.

“Technology plays a huge part in the way the NHS delivers patient care, so it is vital that healthcare providers keep data secure while being prepared for and resilient against attacks.

“The NHS and public sector has been pro-active in harnessing improvements in cyber security since the WannaCry attacks in 2017, but there is still more work to be done.

“This framework provides a sustainable and trusted solution to help organisations meet the challenges around cyber security head on.”

Lot 1 is emergency cyber incident management aimed at helping organisations find support in dealing with a crisis or large-scale incident quickly.

Lot 2 is cyber consultancy services for ad-hoc or ongoing support such as security testing and data security assessments.

And Lot 3 is for the supply of specialist personnel to back up in-house security capabilities.

The 25 specialist suppliers on the framework were awarded after a comprehensive and fully Official Journal of the European Union-compliant procurement exercise. They include a range of multinationals and SMEs to suit all needs.

It means that NHS and other public sector organisations can directly award contracts without the need for a complex and time-consuming procurement process, or run mini competitions to meet any bespoke requirements and drive further competitive pricing.

Companies