Multi-Factor Authentication (MFA) and the NHS England Mandate for all NHS Trusts
As of August 2023, England’s NHS Trusts are required to improve upon their existing identity security architecture using multi-factor authentication (MFA), as per the policy published by NHS Digital: NHS England: multi-factor authentication (MFA) policy.
What is Multi-Factor Authentication (MFA)?
Multi-Factor Authentication (MFA) is an effective way to enhance cybersecurity and prevent cyberattacks in NHS trusts. MFA adds an extra layer of security beyond just passwords, making it significantly more difficult for cybercriminals to gain unauthorised access to systems and sensitive patient data.
Policy requirements:
Organisations must enforce MFA on all remote user access to all systems
They must also enforce MFA on all privileged user access to externally hosted systems
Organisations must also enforce MFA on all privileged user access to all other systems
Why Must the NHS use Multi-Factor Authentication?
The National Health Service (NHS), like many other healthcare organisations worldwide, faces various cyber threats. Cybersecurity concerns in the NHS have been a prominent issue due to the sensitive and critical nature of healthcare data and services.
According to NHS Digital 2023, there are currently 31 million registrations on the NHS app!
The NHS Spine handles over 1.3 billion messages a month and at peak times, processes more than 3,200 messages a second!
88% of NHS Trusts now have an EPR in place and this is expected to rise to 91% by December 2023
52% of providers have a Digital Social Care Record (up from 41% in December 2021)
All ICSs now have a shared care record in place, enabling information to be shared between primary and secondary care
21.8 million patients in England can access their prospective GP health record online
Looking at these facts, it’s easy to see the mounting pressure on the NHS to keep patients and their data secure. Additionally, the NHS is already spread extremely thinly, evidenced by the priority focus placed on secondary care, with less focus on primary care facilities and their cybersecurity infrastructures.
The NHS has already taken steps to fill these gaps and improve its cybersecurity posture, including investing in training and awareness programs, updating and patching systems regularly, enhancing network security, and implementing incident response plans. However, there are more steps to be taken in order to meet the necessary requirements within the dedicated timeframe.
As an effective method of enhancing cybersecurity and preventing cyberattacks in NHS trusts, multi-factor authentication further supports these efforts. However, implementing MFA can only be done by trained professionals, and this is costly, particularly if you don’t already have them as part of an in-house team. Moreover, cybersecurity skills are limited and expensive and, as many in the UK will know, the NHS needs to be efficient in its spending, so cost-effective cybersecurity specialists are a must.
When is the Deadline?
NHS Trusts must be able to evidence progress by no later than March 2024 and have the process completed by 30th June of the same year.
As intimidating as such a short time frame is, CyberIAM are fully equipped and ready to take control and guide you to the finish line.
With CyberIAM, you have nothing to fear.
Multi-Factor Authentication (MFA) Setup
CyberIAM offers in-house teams of highly trained technical and business experts who can be deployed into all NHS Trusts to implement MFA, ready with all of the skills and knowledge necessary for any identity project, removing your responsibility and cost of finding, hiring and training your own. CyberIAM’s offer of Managed Services allows you to focus on the core objectives of your business while we run and manage your BAU identity implementation beyond project completion.
To ensure we deliver the best service to our customers, we can also use our own technology, ServiceIAM. We run the platform end to end with our technical experts who can provide the service as a SaaS or an on-prem solution, depending on your individual needs, fully supporting and managing the predominantly SaaS based MFA.
It’s simple; using a winning combination of the best software and the industry’s leading delivery experts, CyberIAM provide the best market-leading identity service you could find.
Read here for more information on ServiceIAM.
CyberIAM and CyberArk Fairtrade Agreement
CyberIAM are joining forces with one of our long-trusted PAM partners, CyberArk, to enter into a fair-trade agreement, curated with the NHS Trusts’ interest at heart. The aim is to provide a one-stop shop to specifically help NHS Trusts drive maximum value from their NHS England budget drawdowns and cut through the myriad of identity vendors and consultancies in the market. This guarantees an easy, straightforward solution for a more commercially favourable fee than standard pricing.
Want more information on multi-factor authentication?
Hit the download button below to receive our detailed brochure and see how we can help you with your MFA strategy.