Specialist trust uses Guardicore Centra Security Platform to protect servers running legacy operating systems
Liverpool Women’s NHS Foundation Trust has run a successful proof of concept exercise to bolster its network against hackers using the latest in software-defined segmentation.
The trust, which is the only specialist health organisation in the country for women and babies, is now deploying the Guardicore Centra Security Platform across servers running legacy operating systems, with the support of cyber security experts from Gemserv Health.
The move will support the trust in retaining its Cyber Essentials Plus accreditation and has inspired other organisations in the Cheshire and Merseyside Health and Care Partnership to adopt the same approach.
Matt Connor, the trust’s chief information officer and cyber security workstream lead for Cheshire and Merseyside Health and Care Partnership (HCP), said: “The WannaCry cyber attack in 2017 severely disrupted heathcare services and exposed the need for additional cyber security investment to enable a strength-in-depth approach.
“As a Cyber Essentials Plus accredited organisation, cyber security is important and we strive to maintain that standard.
It is refreshing to see an integrated care system working together on cyber security issues, and we look forward to more NHS areas taking the same approach
“But we have some residual legacy systems, and placing robust security controls around them is essential.
“We had been working with Gemserv Health on a number of cyber security initiatives, so when they suggested the Guardicore product to provide application level segmentation, we agreed to run the proof of concept.
“The Guardicore solution effectively places a secure wall around systems and applications and provides that extra peace of mind.”
In Cheshire and Merseyside, Gemserv’s cyber security team has mounted ethical phishing attacks and ran a simulation to test the HCP’s response to a potential ransomware attack with reputational consequences.
And, when it comes to recommending products to address specific cyber security issues, Gemserv Health is vendor neutral so recommended the Guardicore product for network segmentation as the best fit for the area’s needs.
Jay Miah, the trust’s operations manager and manager of the team that has been working with Germserv Health on the project, said: “In terms of legacy operation systems, we saw this as delivering real benefit for retaining Cyber Essentials Plus and for protecting the technology that our clinicians and patients rely on.
“Traditional approaches to network segmentation require the installation of firewalls, or the creation of VPNs. The Guardicore product sends out an agent that monitors traffic to a server or a device and lets you decide whether it’s ok or not.
“If it’s ok, it’s allowed and if it’s not ok, it’s blocked. It gives you an extra layer of visibility, and because it’s all software based, it allows you to set the rules centrally, which is much less complex than attempting to work through the network.”
Gemserv Health and Guardicore worked with the trust on the proof of concept and the subsequent rollout, but has now transferred knowledge to the trust so it can manage the product in future.
Philip Moss, trust head of technology, said: “This is like a tablet to make a headache go away. It’s another tablet from our cyber security bottle.
“As a trust, we are committed to a blended approach to cyber security, but this gives us something extra.”
This is like a tablet to make a headache go away. It’s another tablet from our cyber security bottle
David Newell, head of health at Gemserv Health, adds: “It is refreshing to see an integrated care system working together on cyber security issues, and we look forward to more NHS areas taking the same approach.
“It is also exciting to see Liverpool Women’s NHS Foundation Trust taking such a pro-active stance on network security and being willing to run a proof of concept from which others in the region are already benefitting.
“There are many broad, flat networks across the NHS that are difficult to segment to reduce the risk of a breach in one area spreading to another.
“The solution adopted by Liverpool Women’s is an innovative, next generation product that offers effective protection for a much-lower administrative overhead than traditional responses.”