Liverpool Women’s NHS Foundation Trust has run a successful proof of concept to bolster its network against hackers using the latest in software defined segmentation. Liverpool Women’s, which is the only specialist trust in the country for women and babies, is now deploying the Guardicore Centra Security Platform across servers running legacy operating systems, with the support of cyber security experts from Gemserv Health.
The move will support the trust in retaining its Cyber Essentials Plus accreditation and has inspired other trusts in the Cheshire and Merseyside Health and Care Partnership to adopt the same approach.
Matt Connor, chief information officer at Liverpool Women’s and cyber security workstream lead for Cheshire and Merseyside Health and Care Partnership (HCP), said: “The WannaCry cyber-attack in 2017 severely disrupted heath care services and exposed the need for additional cyber security investment to enable a strength in depth approach.
“As a Cyber Essentials Plus accredited organisation, cyber security is important and we strive to maintain that standard. We have some residual legacy systems, and placing robust security controls around them is essential. We had been working with Gemserv Health on a number of cyber security initiatives, so when they suggested the Guardicore product to provide application level segmentation, we agreed to run the proof of concept.
“The Guardicore solution effectively places a secure wall around systems and applications. It provides that extra peace of mind.”
Gemserv Health provides professional services to health and care organisations looking to make the most of technology and data.
It has a respected cyber security practice that is increasingly being asked to work across NHS regions to make sure organisations have good security in place and that they can mount a co-ordinated response if they face a cyber security incident.
In Cheshire and Merseyside, the cyber security team has mounted ethical phishing attacks and ran a simulation to test the HCP’s response to a potential ransomware attack with reputational consequences.
When it comes to recommending products to address specific cyber security issues, Gemserv Health is vendor neutral. It recommended the Guardicore product for network segmentation as the best fit for the area’s needs.
Jay Miah, Liverpool Women’s operations manager and manager of the team that has been working with Germserv Health on the project, said: “In terms of legacy operation systems, we saw this as delivering real benefit for retaining Cyber Essentials Plus and for protecting the technology that our clinicians and patients rely on.
“Traditional approaches to network segmentation require the installation of firewalls, or the creation of VPNs. The Guardicore product sends out an agent that monitors traffic to a server or a device and lets you decide whether it’s ok or not.
“If it’s ok, it’s allowed and if it’s not ok, it’s blocked. It gives you an extra layer of visibility, and because it’s all software based, it allows you to set the rules centrally, which is much less complex than attempting to work through the network.”
Gemserv Health and Guardicore worked with Liverpool Women’s on the proof of concept and the subsequent roll-out, but they have transferred knowledge to the trust so it can manage the product in future.
Philip Moss, trust head of technology, said: “This is like a tablet to make a headache go away. It’s another tablet from our cyber-security bottle. As a trust, we are committed to a blended approach to cyber-security, but this gives us something extra.”
David Newell, Head of Health at Gemserv Health said: “We value our engagement with Cheshire and Merseyside Health and Care Partnership. It is refreshing to see an integrated care system working together on cyber-security issues, and we look forward to more NHS areas taking the same approach.
“It is also exciting to see Liverpool Women’s NHS Foundation Trust taking such a proactive stance on network security and being willing to run a proof of concept from which others in the region are already benefitting. There are many broad, flat networks across the NHS that are difficult to segment to reduce the risk of a breach in one area spreading to another.
“The solution adopted by Liverpool Women’s is an innovative, next generation product that offers effective protection for a much lower administrative overhead than traditional responses.”
