Technical remediation

Our centrally funded technical remediation service offers support to commissioned health and social care organisations to help review and improve their cyber security

About technical remediation

Our technical remediation service is designed to help health and social care organisations to reduce the risk of ransomware and malware attacks by identifying and improving weaknesses within their systems.

The aim is to ensure your solution follows the National Cyber Security Centre (NCSC) guidelines and adheres to the core principles:

The work is delivered by our specialist supplier. The effort required from your organisation will vary depending on your needs. The intention is to keep your involvement to a minimum to make it as easy as possible.

Any requests that we cannot currently meet will be captured as business demand and evaluated to determine if a new offering can be scoped and provided in the future.

Benefits

Technical remediation is a critical part of any cyber security strategy as it ensures weaknesses are quickly identified and resolved. By undertaking technical remediation, your organisation will

improve security and cyber resilience at no cost to your organisation, technical remediation is a centrally funded service

reduce the risk of your essential services being taken offline, which has potentially life-threatening impact to patients

have greater confidence that you understand the risks specific to your organisation and what steps you can take to reduce them

improve confidence at board level that current issues are being practically resolved

get independent reports that will support a business case for investment

What we offer

Our specialist supplier will work with your organisation to provide technical remediation.

Your NHS cyber security regional lead will support this work. Email [email protected] if you do not know your cyber regional lead or you would like them to get in touch with you.

Secure backup review

Assessment of your organisations existing backup and recovery solution to identify security risks, highlighting gaps between your infrastructure and the NCSC guidelines, and providing remediation recommendations.

How it works

Intelligence has indicated that healthcare and public sector organisations are being targeted with ransomware and malware attacks designed to gain access to backup solutions and encrypt the backup data as a precursor to a wider-scale ransomware attack.

This places utmost importance on implementing a robust backup solution that can resist targeted cyber-attacks and to allow the organisation to recover from an attack when needed.

1. A remote project kick-off with all stakeholders focuses on gathering information about the organisation.

2. A workshop will ascertain whether the current backup and recovery function is suitable for, and adheres to, the guidelines given by the NCSC to mitigate risk against a cyber-attack.

3. Data discovery exercise to obtain data to guarantee that all critical systems are covered in the existing design, this will take the form of an active scan against the environment to identify all live hosts and the volume of data for backup.

4. A report providing a detailed alignment or non-alignment, and recommendations on how align with industry best practice, will be sent to you.

This will take 9-12 weeks, the effort required from your organisation will vary depending on needs.

Next steps

Following the report, an output of the review should be discussed with your NHS cyber security regional lead to discuss follow-on remediation and next steps.

More information can be found on the technical remediation hub.

Active directory review

Assessment of your organisation’s active directory deployment to identify security risks, highlight gaps between your infrastructure and the NCSC guidelines and provide remediation recommendations.

How it works

The review highlights the most common critical issues that directly affect security and operations. These are the issues which, when remediated correctly, will greatly increase the security of the active directory itself, its host platform, and the infrastructure that it serves.

1. A remote project kick-off with all stakeholders focuses on gathering information about the organisation.

2. A security review examines misconfigurations and security concerns. The security scope breaks down into multiple smaller scopes starting with the largest security realm (the forest) and ultimately focusing on a few small but crucial endpoint settings.

3. A report providing a detailed alignment or non-alignment will be sent to you, providing recommendations for critical and high-risk findings for both security and functional issues on how align with industry best practice.

This will take 6-9 weeks, the effort required from your organisation will vary depending on need.

Next steps

Output of the review should be discussed with your NHS cyber security regional lead to discuss follow-on remediation and next steps.

More information can be found on the Cyber Associated Network (CAN) Active directory remediation hub

Backup remediation reassessment

If you have completed the above secure backup review and your organisation have made all reasonable efforts to undertake the recommend remediation activities, you wish to reassess your backup environment if it was previously considered as being out of alignment.

How it works

The intent of the review is to assist you in understanding whether your organisations backup platforms could now better withstand a targeted cyber-attack and enable you to recover their critical data in a timely manner to reduce disruption to operations. The process flow for delivering this service is detailed below.

1. A workshop will be organised by our supplier to discuss implemented changes.

2. A review will take place of the original secure backup review report and updated documentation/ evidence provided by the service recipient.

3. A report will be provided with an addendum to the original secure backup review report which will be versioned with the findings from the reassessment of the information provided and will present the alignment or non-alignment for the proposed architecture based upon the NCSC principles.

This will take 6-9 weeks, the effort required from your organisation will vary depending on need.

Next steps

Output of the review should be discussed with your NHS cyber security regional lead to discuss follow-on remediation and next steps.

Bespoke remediation package

Organisations can request consultancy support and expertise to scope and deliver remediation support following a secure backup review or active directory review, as well as support for bespoke remediation.

Find out more

Reconfigure existing systems to bring them into alignment with NCSC guidelines and provide consultancy to help implement changes that address the root causes of identified risks to reduce the likelihood of reoccurrence, in areas such as design, deployment, configuration, upgrades and health.

Remediation is scoped on an individual basis.

Timeline: the effort required from your organisation will vary depending on your needs.

Technical remediation hub

Through the Cyber Associates Network (CAN), you can access our technical remediation hub, where you will find:

a series of webinars on a range of technical subjects
technical guides and videos covering topics such as legacy authentication and encryption protocols, group policy object configurations and role-based architecture
access to one-hour informal consultancy sessions with a subject matter experts. Get in touch with your cyber regional lead to discuss this offering further

The CAN is available to all NHS and social care organisations and provides a range of support. You will need to register to access the technical remediation hub, as well as other membership benefits.

Discover more and register for the CAN

ARTICLE

Cyber Associates Network

NHS England have established a free network of cyber security expertise across public-sector health and care.

How to apply

To apply for the services that offered as part of technical remediation, register for the customer portal.

Then click request something and technical remediation.

If you need help accessing the customer portal use the NHS Digital Portal user guide.

How this service aligns with the Cyber Assessment Framework

Open the expanders below to find out how this service aligns to the principles and outcomes of the Cyber Assessment Framework (CAF).

Objective A: Managing security risk

A1.b Your organisation has established roles and responsibilities for the security of networks and information systems at all levels, with clear and well-understood channels for communicating and escalating risks.

A2.a Your organisation has effective internal processes for managing risks to the security of network and information systems related to the operation of essential functions and communicating associated activities.

A2.b You have gained confidence in the effectiveness of the security of your technology, people, and processes relevant to essential functions.

Objective B: Defending systems against cyber attack

B2.a You robustly verify, authenticate and authorise access to the networks and information systems supporting your essential function.

B2.c You closely manage privileged user access to networks and information systems supporting the essential function.

B3.a You have a good understanding of data important to the operation of the essential function, where it is stored, where it travels and how unavailability or unauthorised access, modification or deletion would adversely impact the essential function. This also applies to third parties storing or accessing data important to the operation of essential functions.

B3.c You have protected stored soft and hard copy data important to the operation of the essential function.

B4.d You manage known vulnerabilities in your network and information systems to prevent adverse impact on the essential function.

B5.b You design the network and information systems supporting your essential function to be resilient to cyber security incidents. Systems are appropriately segregated and resource limitations are mitigated.

B5.c You hold accessible and secured current backups of data and information needed to recover operation of your essential function

Objective D: Minimising the impact of cyber security incidents

D1.c Your organisation carries out exercises to test response plans, using past incidents that affected your (and other) organisation, and scenarios that draw on threat intelligence and your risk assessment.

Last edited: 27 November 2024 11:16 am