4,373 members and growing, are your details correct please LOGIN and update NOW
HCSA LONDON & SOUTH REGIONAL EIS EVENT Back in May 2025 Date to be announced later in November 2024
HCSA MIDLANDS REGIONAL EIS EVENT Back in June 2025 Date to be announced later in November 2024
2024 HCSA NORTH REGIONAL EIS EVENT Back in July 2025 Date to be announced later in November 2024
Women's Network Conference Holiday Inn Regents Park 4th September 2024, Opening July 2024
HCSA Annual Conference 13 & 14 November 2024 Telford International Centre ON SALE NOW BOOK EARLY to save disappointment
Close Search

NHS England is letting a £4.3m contract to review cyber security risks to critical NHS suppliers, writes HSJ.

The contract, worth £4.3m for up to four years, requires a “supply chain specialist” to “enhance cyber risk visibility, assurance and resilience” throughout the NHS supply chain, and to help healthcare providers “hold suppliers to account”.

The successful bidder will be responsible for identifying critical suppliers in the NHS supply chain, and helping develop a “national supplier management platform” to track cyber security risks to them.

NHSE said the tender had been planned since the spring, but it is an issue which has received huge attention in the wake of the cyber attack on the pathology system supplier Synnovis, which has had a huge impact on services in London, and data leaked online by hackers.

Speaking earlier this month, Hampshire and Isle of Wight Integrated Care Board chair Lena Samuels said the south east London attack illustrated how the NHS’s supply chain contained “absolutely massive” cyber security risks, which are not captured in existing risk registers.

In its invitation to tender, published last week, NHSE said the project aimed to address the “increasing cyber threat” posed by “vulnerabilities in suppliers’ systems”.

It said: “Mapping of our critical and common suppliers will enable the identification and coordinated management of systemic and aggregate cyber supply chain risks to government.

“Supply chain cyber security principles and assurance will establish clear requirements for these suppliers, with the expectation that they provide transparent statements of adherence.

“Improved understanding of suppliers and their dependencies will also enable government to better respond to cyber security incidents that emanate from the supply chain. Such understanding will provide oversight of cross-government impacts and enable more focused and efficient engagements with the suppliers, ensuring that any incident is managed swiftly and efficiently.”

The work sits within NHSE’s cyber improvement programme, as part of its supply chain management workstream.

HSJ reported in April the improvement programme was facing a 50 per cent cut to its revenue in 2024-25, and a chance work may have to be “paused”. However, the new contract notice states the programme’s annual budget is £200m, and aims to deliver by 2025, which indicates NHSE may have abandoned the idea of cutting it.

Source: HSJ

Date: 26 June

Posted in News on Jun 26, 2024

Back to News