October 2019 - June 2020

Project - NHS Digital

Business Intelligence and Risk Webapp

Insight

For NHS Digital, cybersecurity isn’t just an IT concern — it’s also a clinical safety issue. To better protect England’s healthcare system from cyberattacks, it engaged IBM as its strategic Cyber Security Operations Centre (CSOC) partner to provide enhanced security services and support and enable it to predictably and precisely block would-be threats.

Idea

We teamed up with the NHS's Data Security Centre (DSC) to build the first phase of their Business Intelligence & Risk platform! A key driver behind the programme is that whilst the NHS organisations infrastructure has plenty of cyber-related information (e.g. firewall logs, asset registers, etc.) but none of this data is organised in a way that lends itself to real business intelli-gence.

Impact

Myself and the team have been working very hard running work-shops to understand our key Personas (Local CIOS & NHS X Programme Man-ager) pain points & needs, designing their new user experience and develop-ing the application end to end. Alongside the design & development work, our data science team have designed the initial risk model and the common data model that combines multiple data sources to produce our outputs. The functional webapp will be deployed to CIOS in the NHS soon.

Click here to learn more about IBM's work with NHS Digital

Innovation Garage

In May 2019, iX was asked to support IBM Security on a proposal to set up an Innovation Garage for NHS Digital. This was part of a wider programme of work to build NHS-Digital's capability as a Managed Security Service Provider (MSSP) in a 3-5 year transformation programme. This followed a ransomware attack on the NHS which compromised patient data in 2017, better known as WannaCry.
‍
Since May of last year, we have worked with NHS Digital to define their Innova-tion Garage model. We used human centred design techniques to get to the heart of problems that caused cybersecurity vulnerabilities, incidents and inefficiencies in the NHS.
‍
As the Innovation Garage, we sit at the forefront of the project lifecycle, defin-ing the strategy for innovation, sourcing, prioritising and selecting ideas to take through the garage process. We work closely with people that can provide the most insight into these problems to come up with solutions that can be tested for their value and feasibility.

Discovery Phase

The discovery phase of the project was carried out to establish exactly which user groups within NHS Digital our webapp be targeted at. This enables us to better understand their needs and wishes in order for us to cater towards them.

The user groups that we would be focusing on:
‍
Bill - NHS X Programme Manager
Bill is responsible for overseeing and reporting on the cybersecurity risk posture across several regions which enables me to recommend actions for improvement. I currently lack confidence in the current methods of cyber security risk reporting. I find that data is difficult to obtain and keep updated. I wish that there was a better method to encouraging trusts carry out internal risk analysis reports so that we can better understand and compare different regions in a transparent manor.
‍
Steve - CIO For a Local NHS Trust
Steve is responsible for overseeing the technical operations in an NHS trust, this means that he keeps the day-to-day technical operations of the trust running and maintained as well as planning and investing in future technologies and strategies. I understand the importance of cyber security within my trust however I possibly do need to be more transparent with the information and assessments that are currently carried out in order for my trust to be compliant with current and NHS future cyber risk policy.