Imperial College Healthcare NHS Trust

Automated patching. Independent advice and insights. Optimising existing investments.

“The cyber security experience held in the BlueFort team is clear. We find it really valuable to have open, honest conversations about our strategic security plans and get BlueFort’s insights and advice to help us plan our future.”

Adrian Lau, Infrastructure Manager, Imperial College Healthcare NHS Trust

Key challenges

  • Requirement to patch key systems with latest security & vulnerability fixes to ensure compliance
  • Fixed and limited budgets to meet cyber security challenges
  • Stretched in-house cyber security resources
  • Requirement for trusted, accredited support partner to ensure successful project implementation at reliable fixed cost model

Key outcomes

  • Centralised deployment and automation of automatic patching to free up critical resource
  • Introduction of BlueFort Evolve support model to ensure that software is optimised
  • Automated patching of server estate with completed automated patch success rate of 95%

Background

Imperial College Healthcare NHS Trust provides healthcare in northwest London across five hospitals to around 1.5Million people annually. With the aftereffects of the WannaCry cyberattack still rippling within the NHS, there is a particular emphasis placed by NHS Digital on the importance of patching to improve each NHS organisation’s security posture. Patching is particularly difficult within a hospital environment, a patch could compromise device efficiency and an upgrade to that device to be compatible with the latest patches can often be budget prohibitive.

Before the installation of an automatic patching solution Imperial College Healthcare NHS Trust was spending a considerable amount of time manually patching their servers. Patching was often adhoc and even with tools such as WSUS they were dedicating at least three days per week on manual patching.

One of the cornerstones of a project to automate this process was to agree a fixed patching window with all the hospital departments. Steve Anthony, Technical Security Manager explained, “The automation project was a great catalyst to enable us to set an agreed patch window with each of the hospital departments. This is now a fixed 1.5hr window each week where we patch all of the servers, allowing us to maintain a high percentage of patching with minimal - if any - service disruption. Consequently, we now have a framework in place so we can push through critical patches swiftly.”

Steve, went on to explain “When the Bluekeep security vulnerability hit in 2019 we were required to be patched against it within 14 days. Because we had the automatic patching infrastructure in place this was a relatively simple task for us, we were able to patch well within the two-week window.”

Convenient fixed price support packages

Budgets and resource are tight within the NHS so after an initially significant investment in patching technology, the team at Imperial knew that they would need to invest further for comprehensive installation and configuration support. The costs from some suppliers were prohibitively expensive and inflexible so the team began to look for alternative options.

BlueFort’s fixed price consultancy packages and technical accreditations made choosing BlueFort to support the implementation of the patching project a no-brainer. With assurance that a manufacturer certified engineer would be provided, there would be a fixed project cost and a diligently scoped plan before commencing works, the engagement was simple and effective.

Commenting on why they chose to partner with BlueFort, Adrian Lau, Infrastructure Manager explained, “We were already seriously considering BlueFort based on their accreditations and service offerings alone but we were really surprised to discover that pricing was based on a deliverable outcome rather than the number of days spent working on the project. This is relatively unheard of in the industry but has been incredibly beneficial to us.”

Optimising existing investments

Although the initial aim was to improve the server security with a more rigorous and routine patching schedule, Imperial College have unlocked additional features and functionality across their server estate, they have also noticed that server performance has improved significantly. The management is much simpler too, with a centralised place where they manage patching; from here the team can also easily pull reports for meetings should they need to.

Independent advice & insights

One of the key benefits of Imperial College Healthcare NHS Trust’s ongoing partnership with BlueFort is the provision of honest, vendor-agnostic, cyber security advice. Adrian concluded; “Everyone we worked with at BlueFort was very experienced and knowledgeable about automated patching technology.

It’s refreshing for us to have an account manager who understands the technology, it negates the need for a constant back and forth of dialogue. The Cyber Security experience held in the BlueFort team is clear & we find it really valuable to have open and honest conversations about our strategic security plans to get BlueFort’s insights and advice to help us plan our future.”