NHS Digital adds £10m to prospective cyber security contract
- 23 February 2018
NHS Digital has raised the value of a contract through which it hopes to procure the services of an external cyber security partner for its security operations centre (SOC).
Tender documents reveal that NHS Digital has increased the estimated value of the contract from £20m to £30m. The organisation said the decision to do so had been made in light of the recent announcement of additional funding for cyber security in the NHS.
NHS Digital is looking to procure the services of a strategic partner to support the development and delivery of its SOC, which provides enhanced cyber security capabilities to national health and care services.
Said partner will be charged with providing additional support to NHS Digital’s in-house security team, including cyber penetration testing and real-time monitoring of NHS networks.
In a statement sent to Digital Health News, a spokesperson said the change in value did not represent a change in the requirements for the SOC. Rather, the increased value “ensures that NHS Digital can maximise its ability to monitor security threats and provide appropriate, proportionate and timely guidance, advice and expert response to health & care.”
The spokesperson added: “The increased value will ensure that the SOC can innovate, adapt and improve over time to meet changing user needs, tackle emerging threats to security, and take advantage of innovative developments in security service provision and technology.
“Any funding allocated via the increase in value will be subject to pilots and proof of concepts with early adopter organisations to demonstrate value and shape future services.”
NHS England diverted an additional £21 million toward cyber security in 2017, following May’s WannaCry incident.
A further £25 million has been identified in 2017/18 to help NHS organisations deemed most vulnerable to cyber-threats improve their resilience.
It was revealed at a Public Accounts Committee meeting in February that all NHS trusts that had been assessed against cyber security standards had failed.