NHS Shared Business Service (NHS SBS) has added a cyber security function to its recently released The Edge4Health procurement platform.
The corporate services provider, which is a joint venture between the Department for Health and Social Care and Sopra Steria, has developed the feature with technology company Virtualstock and cyber threat intelligence company Orpheus Cyber as part of the effort to improve security along the supply chain.
Orpheus has built up a cyber risk profile on all the suppliers included on The Edge4Health, combining information on what it does, the technologies it uses and the live vulnerabilities from a hacker’s perspective.
It also draws on the company’s large database of intelligence reporting on threats, which takes in factors such as whether a company is displaying any open ports in its web facing services, and the availability of its emails and passwords on the dark web.
This leads to the provision of a cyber risk score for individual suppliers that is visible to the NHS trusts using the platform.
The suppliers can click a dial to obtain a report that indicates their rating and provides a detailed explanation of the specific threats and vulnerabilities affecting them. It also shows how they can reduce their vulnerabilities.
Weak link target
Oliver Church, chief executive officer of Orpheus, said: “Supply chain cyber security has never been more important. Cyber adversaries of all types are increasingly targeting supply chains as the weak link in order to compromise their ultimate targets.”
Phil Davies, director of procurement at NHS SBS said: “With £9 billion of annual spend, the NHS has some of the longest and most complex supply chains in the world. Ensuring the security and integrity of these supply chains is a priority for NHS organisations, the Government and suppliers.
“Enabling suppliers to swiftly check on their current cyber security status is an important step forward in mitigating the threat posed.”
NHS SBS said The Edge4Health, which was launched last month, is currently being rolled out to more than 60 NHS organisations for use by around 30,000 employees.
Image from iStock, matejmo