The newly-launched NHS procurement platform, The Edge4Health, now comes with an integrated cyber-security feature, helping to improve the security of the NHS supply chain.
The Edge4Health is being rolled out to more than 60 NHS organisations and will be used by around 30,000 NHS employees.
Bringing a familiar, consumer-style experience to NHS procurement for the first time, and making purchasing easier and more transparent; the platform now also enables suppliers to the NHS to check and improve their cyber security, thanks to a dial indicating whether their rating is good, average, or bad.
With £9billion of annual spend, the NHS has some of the longest and most-complex supply chains in the world
By clicking on the dial, suppliers can download a report that provides a detailed explanation of the specific threats and vulnerabilities affecting their individual organisation.
And the reports show exactly how suppliers can reduce their vulnerabilities, enabling them to improve their own security and that of the NHS.
The functionality has been developed by leading cyber threat intelligence and cyber-risk management company, Orpheus Cyber, using its award-winning technology.
Oliver Church, company chief executive, said: “Supply chain cyber security has never been more important.
“Cyber adversaries of all types are increasingly targeting supply chains as the weak link in order to compromise their ultimate targets.
“Attacks are becoming increasingly complex, tending to focus not just on stealing data, but on permanently deleting or encrypting it.
“Furthermore, we frequently see significant damage to customers when suppliers, disabled by cyber attacks, are no longer able to provide vital goods and services – which is potentially very serious when dealing with patient health.
Cyber adversaries of all types are increasingly targeting supply chains as the weak link in order to compromise their ultimate targets
“Because private data is often distributed through supply chains, a breach of a supplier can easily leak sensitive information, a major concern when dealing with the privacy of patient personal data.
“And legislation such as the GDPR provides for heavy fines if private data is breached due to poor cyber security.
“As the only highly-accredited cyber-threat intelligence company delivering award-winning cyber risk rating, we are delighted that Orpheus has been able to make its technology available to all suppliers on The Edge4Health, helping them to protect themselves and - by extension - the NHS.”
Over a million products and services from thousands of suppliers are available via The Edge4Health – a cloud-based marketplace that enables suppliers to upload their complete catalogue and NHS buyers to select which products should be available to order by requisitioners in their organisation.
The platform has been developed by NHS Shared Business Services (NHS SBS) and technology company, Virtualstock, to deliver cost savings and efficiencies, better data management, better compliance, and end-to-end supply chain visibility.
Phil Davies, director of procurement at NHS SBS said:“With £9billion of annual spend, the NHS has some of the longest and most-complex supply chains in the world.
As the only highly-accredited cyber-threat intelligence company delivering award-winning cyber risk rating, we are delighted that Orpheus has been able to make its technology available to all suppliers on The Edge4Health, helping them to protect themselves and - by extension - the NHS
“Ensuring the security and integrity of these supply chains is a priority for NHS organisations, the Government, and suppliers.
“Enabling suppliers to swiftly check on their current cyber security status is an important step forward in mitigating the threat posed.”
A recent report published by Orpheus reviewed the current cyber security of a large number of NHS suppliers and found that:
- 88% have had company emails and passwords leaked due to attacks on third-party databases
- 37% of companies have vulnerabilities that look attractive to cyber criminals
- 17% of companies appear to run databases that criminals could target
- 95% of companies lack advanced email protection