Ordr, an IT security firm for connected devices, has launched a guide to help National Health Service (NHS) providers meet NHS Digital’s new Data Security and Protection Toolkit (DSPT) criteria.
NHS Digital, the provider of data and IT systems to England's NHS, recently amended the DSPT, making it mandatory for NHS organisations to keep an up-to-date inventory of all medical devices, including security vulnerabilities and data security.
The DSPT is an online self-assessment tool for organisations to measure their performance against 10 data security standards. All organisations that have access to NHS patient data and systems must use this toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.
In its recent Rise of the Machines report, Ordr found 19% of deployments with devices running outdated operating systems such as Windows 7 and older, and almost 34% of deployments with devices running Windows 8 and Windows 10, which are expected to reach end-of-life in 2023 and 2025 respectively.
Ordr recommends that organisations have an automated way to identify devices that are at risk, and segment them to ensure they are secure, keeping them in operation and avoiding the costs of replacing them early.
It is expected that the new DSPT compliance will force many organisations to make changes to align with NHS Digital requirements. Core security functions such as inventory, risk management, and threat detection will be essential to maintaining compliance.
Bob Vickers, Head of UKI at Ordr, said: “Even though data security standards ask healthcare organisations to ensure technology is secure and up to date with no unsupported operating systems, this is actually a global medical challenge for most. Connected medical devices can range widely, and often run on outdated systems, even though they are a critical part of business operations.
“We need to remember that securing medical devices will define the future of healthcare. Security teams need the right tools to increase visibility into risks, bring devices into compliance, optimise utilisation and protect them from cyberattacks.”
Ordr is already working with hospital trusts in the UK to improve their cybersecurity processes. “Here at Ordr, healthcare organisations can not only gain complete visibility into devices and risks, they can also keep track of NHS Cyber Alerts as a data feed into the Ordr Systems Control Engine (SCE) and address cyber threats such as ransomware on their network,” Vickers added.
“By leveraging automation to drive efficiencies, they can ensure the highest standards of security for patient safety.”
Ordr provides support with managing data access, responding to incidents, and continuity planning, among other areas. To download the guide, visit their Data Security And Protection Toolkit (DSPT) - Solutions Brief.