LORCA member Orpheus develops new cybersecurity feature for an NHS procurement platform //12.02.20
The NHS is one of the world’s largest employers and relies on a global supply chain. It’s also embracing technology with open arms: secretary of state for health and social care Matt Hancock has previously promised that “the tech revolution is coming to the NHS” and spoken about the potential of tech to improve patient safety, reduce delays and speed up appointments. But with that enthusiasm comes an appreciation for the importance of cybersecurity – something LORCA member Orpheus is helping the health organisation with.
Orpheus, a cyber threat intelligence company, has helped the NHS integrate a new cybersecurity feature into its recently launched procurement platform, The Edge4Health, to help the NHS improve the security of its supply chain.
The platform has been developed by NHS Shared Business Services and technology company Virtualstock to deliver cost savings and efficiencies, as well as improve data management, compliance and end-to-end supply chain visibility.
It’s a cloud-based marketplace featuring over a million products and services from thousands of suppliers, and it’s being rolled out to more than 60 NHS organisations where around 30,000 NHS employees will use it. To boost the platform’s cyber defences, Orpheus has built a cyber risk profile on all the suppliers included in The Edge4Health, combining information on what the supplier does, the technologies it uses and the live vulnerabilities from a hacker’s perspective.
Suppliers can check whether their rating is good, average or bad, and download a report detailing the specific threats and vulnerabilities affecting their organisation. These reports will also show them how they can improve their – and therefore the NHS’ – security standing.
Oliver Church, CEO of Orpheus, highlighted the importance of boosting supply chain security:
“Supply chain cyber security has never been more important. Cyber adversaries of all types are increasingly targeting supply chains as the weak link in order to compromise their ultimate targets. Attacks are becoming increasingly complex, tending to focus not just on stealing data but on permanently deleting or encrypting it. “
He also said that it was important to protect individual people whose data is held by organisations – particularly in sectors like health:
“Furthermore, we frequently see significant damage to customers when suppliers, disabled by cyber attacks, are no longer able to provide vital goods and services – which is potentially very serious when dealing with patient health. Because private data is often distributed through supply chains, a breach of a supplier can easily leak sensitive information, a major concern when dealing with the privacy of patient personal data.”
Meanwhile, Phil Davies, director of procurement at NHS Shared Business Services said:
“With £9 billion of annual spend, the NHS has some of the longest and most complex supply chains in the world. Ensuring the security and integrity of these supply chains is a priority for NHS organisations, the government, and suppliers. Enabling suppliers to swiftly check on their current cyber-security status is an important step forward in mitigating the threat posed.”
The news follows research by Orpheus that looked at the cybersecurity profiles of NHS suppliers and served to highlight some of the challenges large organisations have when it comes to securing their supply chains. The research found that 37% of the companies Orpheus analysed had vulnerabilities that look attractive to cybercriminals, 17% appear to run databases that criminals could target and 95% lacked advanced email protection.
More about Orpheus
Orpheus, which has just joined our fourth cohort, is a UK-government accredited cyber threat intelligence company that provides cyber risk rating services.
It’s accredited to provide threat intelligence and cyber resilience testing for critical national infrastructure organisations in the UK, and helps organisations understand and deal with cyber threats throughout their supply chains. The company’s technology can collect huge volumes of cyber risk data, which it then analyses using machine learning (plus human intelligence) to stop cyber risks in their tracks.