Digital Health and Care Wales

Case Study

Digital Health and Care Wales (DHCW) was established as a new Special Health Authority in NHS Wales on 1st April 2021 to take forward the digital transformation needed for better health and care in Wales.

The Challenge

DHCW has a leading role in delivering the national programmes needed for modern technology-enabled healthcare. These are large-scale developments that make a significant difference to the people of Wales.

DHCW has a bold and ambitious programme of integration and innovation that includes expansion of the digital patient record and the creation of a world-leading national data resource, improving the way data is collected, shared, and used.

To deliver the digital aims of Welsh Government and to ensure the very best digital solutions for the people of Wales, DHCW works collaboratively with health and care professionals, patients and public, industry and academia.

A critical success factor in NHS digital services is the protection of patient records. To this end, DHCW needed a specialist cyber security partner to provide independent assurance of the new national services through the provision of National Cyber Security Centre (NCSC) approved CHECK penetration tests and IT Health Checks. The testing service needed to support the differing needs of multiple projects, as well as the ongoing support and development of services including, but not limited to:

  • Network Infrastructure and systems
  • National Patient-centric Applications and Services
  • Clinical Support Application and Services

The Solution

Following a competitive procurement process, Aristi was selected as DHCW’s cyber security partner for penetration testing services. As a CHECK accredited company with a track record of providing services to critical systems within local and central government, Aristi proposed a package of work which combined Penetration Testing and Vulnerability Testing techniques to provide a holistic view of the security posture of the target systems.

Penetration Tests are designed to achieve a specific, attacker-simulated goal. A typical goal could be to access the contents of a patient identification database on the internal network, or to modify a record in a database.

Vulnerability Assessments are designed to provide a prioritized list of vulnerabilities in the target systems through scanning for known weaknesses from lists of security issues.

The service included:

  • Build Reviews
  • Code Reviews
  • Firewall Ruleset Reviews
  • Infrastructure Security Assessments
  • API Penetration Tests
  • Mobile Application Penetration Tests
  • Network Device Reviews
  • VPN Penetration Tests
  • Web/Application Penetration Tests
  • Wireless Network Security Assessments
  • Cloud Security Assessments

The service provided remote and onsite testing and utilised an experienced team of CHECK Team Leaders and CHECK Team Members.

A project manager was assigned to manage the delivery of the services, and day-to-day engagement was the responsibility of an Aristi Senior Account Manager.

The Outcome

Our aim when delivering testing engagements is to ensure we identify and liaise with all relevant stakeholders to enable us to integrate into existing processes and form an efficient delivery team. This has certainly been the case with DHCW where a true partnership and collaborative working approach has been developed between the two organisations.

Specifically, we:

  • Work with DHCW to refine the testing scopes based on the threat and risk analysis
  • Develop attack scenarios and relevant attack paths for each test
  • Agree dates, milestones and points of contact for each test
  • Develop a project plan for delivery of each test
  • Arrange a kick-off meeting prior to each test to make any final preparations before the testing begins
  • Conduct the tests keeping DHCW informed throughout the engagement
  • Document the results in formal reports
  • Provide Remediation Action Plans and follow up telephone meetings to ‘walk through’ the report findings and recommendations

Annual contract and service reviews are conducted where all parties openly discuss progress and opportunities for improvement. Feedback has been overwhelmingly positive!

Testimonials

“I’ve worked with Aristi for a number of years now on various projects and can confidently say that they are one of the best penetration testing partners I’ve conducted business with. Their communication and hands-on approach is greatly appreciated when conducting sensitive projects and they have tailored their work to meet our needs and have gone that extra mile many times over. The professionalism and expertise displayed by Aristi is nothing short of excellent and I do hope to continue to work together in future projects.”

Senior IT Specialist, NHS Wales
