With the certification in Cyber Essentials under our belt, alongside those in ISO 27001:2017 and ISO 27701:2019, we are well placed to keep working with NHS trusted partners

After recently obtaining both ISO 27001:2017, which covers security management, and ISO 27701:2019, on the management of privacy, we are pleased to announce that we have been certified under the UK’s Cyber Essentials scheme.

Devised and backed by the UK government, Cyber Essentials is a key standard that healthcare providers can meet in order to demonstrate that they have a robust set of cybersecurity controls in place.

The standard has been designed to help protect against 80% of all cyberattacks, and is a key part of the cybersecurity apparatus that organisations in the digital health space in the UK have been advised to have in place before the end of 2021.

Cybersecurity matters everywhere—but it is especially important across the entire digital health space, a fact that has recently been recognised with some urgency and not a little trepidation, as providers have seen the consequences of not having adequate protections in place.

The fact is, this space is a magnet for cyberattacks, for a number of reasons. Data on personal health is highly valued on the black market. And with ever-greater amounts of data going online, and health systems being stretched to capacity by the pandemic, it’s no surprise that hackers are having a real field day. The WannaCry attack on the NHS is just one example—there are scores of others. Cyber Essentials is part of the response to this urgent and evolving situation.

Jo Van Der Auwera

"This latest certification is one more feather in our cybersecurity cap—a further sign of our abiding commitment to data security and privacy."

To be awarded the Cyber Essentials certification, we had to show that we have a robust digital apparatus in place to protect against the most common cyberattacks. Among other things, this certification means that we can continue to do business with trusted NHS partners, while at a more general level, this certification complements our ISO 27001:2017 and ISO 27701:2019 certifications. It is another tool in our company’s arsenal against the increasingly sophisticated methods that hackers have been using to profit both from hijacking entire health systems and selling individuals’ data.