Our operations director, healthcare and local government, discusses a growing problem that’s creating a major headache for the NHS
We live in an age of continual connectivity and ‘always on’ 24 x 7 computing.
In many respects, this benefits most of us in both our home and working lives. From internet shopping and streaming services to mobile and remote working, better information sharing and improved communication, online living offers speed, convenience and easy access to information.
Unfortunately however, hand in hand with continual connectivity is the ever growing risk of falling victim to cyber criminality or cyber vindictiveness. Inevitably – and rather sadly – the NHS is a prime target. WannaCry and other attacks remain fresh in the memory and serve to remind us all of the NHS’s vulnerability – and of just how serious the implications are when things go wrong within our health and care system.
Ducking the issue
NHS England should be applauded for its laudable efforts and investments in beefing up NHS security. And yet, there is a dichotomy between making much needed security investment and current NHS procurement rules, where at a local level, cost is increasingly placed above everything else and there is constant pressure to do more with less. This inevitably leads to compromise.
As the saying goes, if it looks like a duck, walks like a duck and quacks like a duck, there’s a pretty good chance that it’s a duck.
Is it therefore any great surprise that many NHS trusts and other health and care organisations have in place infrastructure that are often unsupported and frequently purchased through unauthorised channels? Or that IT solutions purchased by the NHS are sometime pure and simple counterfeit? To make matters worse, this situation can occur when organisations make purchases in good faith, using what they perceive to be bona fide arrangements made via multiple procurement frameworks.
Don’t be a sitting duck
There are steps NHS organisations can take to start protecting themselves. For example, look closely at the costs. We know that if a product purchased from supplier D is half the price of those available from suppliers A, B and C, guess what?
It’s likely to be a duck.
Transfer this thinking to your own shopping habits. Would you blindly buy ‘as is’? Or would you take a step back, do your research and make a considered decision? I know what I would do. Even more importantly I know what I’d like the NHS trust that supports my family’s healthcare to do. And I am sure the vast majority of us would feel the same.
Not what the doctor ordered
Industry can only do so much to help, and sadly, I find myself dealing with an increasing number of cases of unsupported, unauthorised or counterfeit infrastructure in the NHS.
Nobody would argue the criticality of infrastructure underpinning the Government’s aim of a fully interoperable IT community within the NHS. So why allow this to happen? Would you buy a counterfeit drug? Of course not. So why risk harm to patients by failing to ensure adequate safeguards around infrastructure investment?
What’s the remedy?
There is a reason why we have a Healthcare Partner Programme. It is to ensure that we offer commercially attractive terms to the NHS via authorised partners who have a focus on the NHS.
For further advice, read our recently revised guide to securing health and care communities, where we identify ten common security issues and offer advice on how to address each one. And you can contact our health and care team for information on specific issues, including how to ensure your organisation isn’t caught out by counterfeit products.
You could also visit our Buy Right webpage, to help ensure the products you buy are genuine and authorised. And as we know that cost is always an issue for the NHS, our Refresh option makes available high quality remanufactured licenced Cisco products, with the added reassurance of our support. Contact the team for further advice and information.