New cyber security feature for NHS procurement platform, The Edge4Health

The newly-launched NHS procurement platform, “The Edge4Health” now comes with an integrated cyber-security feature, helping to improve the security of the NHS’s supply chain, it was announced today.

The platform is being rolled out to more than 60 NHS organisations and will be used by around 30,000 NHS employees. Bringing a familiar, consumer-style experience to NHS procurement for the first time and making purchasing easier and more transparent, The Edge4Health now also enables suppliers to the NHS to check and improve their cyber-security, thanks to a dial indicating whether their rating is good, average or bad.

By clicking on the dial, suppliers can download a report that provides a detailed explanation of the specific threats and vulnerabilities affecting their individual organisation. Reports show exactly how suppliers can reduce their vulnerabilities, enabling them to improve their own security and that of the NHS.

The functionality has been developed by leading cyber threat intelligence and cyber-risk management company, Orpheus Cyber, using its powerful and award-winning technology. Oliver Church, CEO of Orpheus, said:

“Supply chain cyber security has never been more important. Cyber adversaries of all types are increasingly targeting supply chains as the weak link in order to compromise their ultimate targets. Attacks are becoming increasingly complex, tending to focus not just on stealing data but on permanently deleting or encrypting it. Furthermore, we frequently see significant damage to customers when suppliers, disabled by cyber attacks, are no longer able to provide vital goods and services – which is potentially very serious when dealing with patient health. Because private data is often distributed through supply chains, a breach of a supplier can easily leak sensitive information, a major concern when dealing with the privacy of patient personal data. Legislation such as the GDPR provides for heavy fines if private data is breached due to poor cyber security.

 “As the only highly accredited cyber-threat intelligence company delivering award winning cyber risk rating, we are delighted that Orpheus has been able to make its technology available to all suppliers on The Edge4Health, helping them to protect themselves and – by extension – the NHS.”

Over a million products and services from thousands of suppliers are available via The Edge4Health – a cloud-based marketplace that enables suppliers to upload their complete catalogue, and NHS buyers to select which products should be available to order by requisitioners in their organisation.

The platform has been developed by NHS Shared Business Services (NHS SBS) and technology company Virtualstock to deliver cost savings and efficiencies, better data management, better compliance and end-to-end supply chain visibility.

Phil Davies, Director of Procurement at NHS SBS said:

“With £9 billion of annual spend, the NHS has some of the longest and most complex supply chains in the world. Ensuring the security and integrity of these supply chains is a priority for NHS organisations, the government, and suppliers. Enabling suppliers to swiftly check on their current cyber-security status is an important step forward in mitigating the threat posed.”

Ed Bradley, co-founder of Virtualstock, added:

“In addition to cyber security insights for suppliers, NHS trusts also have a view of their buying community cyber risk scoring via The Edge4Health. This type of visibility is likely to become increasingly important as security considerations become ever-more prevalent when organisations take buying decisions.”

A recent report published by Orpheus reviewed the current cyber security of a large number of NHS suppliers and found that:

  • 88% have had company emails and passwords leaked due to attacks on third-party databases
  • 37% of companies have vulnerabilities that look attractive to cybercriminals
  • 17% of companies appear to run databases that criminals could target
  • 95% of companies lack advanced email protection