NHS App Data Leak Shows Need for Overhaul of Security Approval Process

By   ISBuzz Team
Writer , Information Security Buzz | Sep 29, 2015 05:15 pm PST

nhs app data leakAs the NHS uses a more diverse range of application suppliers, the organisation still needs to ensure that data protection standards are met. The recent news that many NHS-accredited smartphone healthcare applications are leaking data demonstrates that NHS England’s Health Apps Library isn’t approving software that meets public sector standard requirements.

Simone Hume, Head of Public Sector at Cloud Services Provider Outsourcery comments: “The NHS is facing a critical challenge to save money and become more efficient at treating patients. Deploying innovative applications will be central to achieving this, but there is no room to cut corners by using app developers who do not meet the highest standards. Data must be stored in secure areas and applications must be enterprise grade. Both the leak of patient data from apps on the Health Apps Library and the recent 15-hour outage of Skype show the need for organisations to take care about the tools they depend upon.”

Outsourcery currently provides cloud services for the Berkshire Healthcare NHS Foundation Trust, delivering Software-as-a-Service (SaaS) Unified Communications (UC) solution Lync. One of the benefits of SaaS is that organisations like the Trust can take advantage of the latest technology, such as the recent launch of Microsoft’s latest UC offering, Skype for Business. SaaS users can easily migrate from Lync to Skype for Business with the support of CSPs.

Hume explains: “Skype for Business from Outsourcery is delivered from Outsourcery’s Pan Government Accredited platform, available through the Digital Marketplace G-Cloud Framework”. Serving specialist mental health and community health services, the Trust uses the G-Cloud to enhance collaboration, increasing productivity with a cost-effective solution. In addition, Outsourcery’s O-Cloud services are accredited to ‘Official’ level, delivered on the secure Public Services Network (PSN) (formerly IL3), meeting CESG security principles..

Hume concludes: “Our public sector services have been certified to run government classified information at ‘Official’ (including ‘Official sensitive’) levels, providing connectivity via the internet and the Public Services Network, meeting data sovereignty and security specifications for the sector. Our work with the Berkshire Healthcare NHS Foundation Trust and other healthcare providers has put us on the frontline of the demand for healthcare in the UK. Apps used by healthcare providers, as with the any part of the public sector, need to maintain extremely high standards in their approach to data protection.”

About Outsourcery

Outsourcery is a leading UK-based Cloud Services Provider (CSP), with one of the broadest offerings of cloud-based services built on Microsoft technology and best-of-breed hardware from Dell and HP, for businesses of all sizes. The company aims to remove the need for organisations to own and manage on-premises IT, Unified Communications and Collaboration applications and infrastructure.

Outsourcery offers hosted software applications (Software-as-a-Service), cloud infrastructure (Infrastructure-as-a-Service) and next generation Unified Communications and Collaboration solutions based on Microsoft Skype for Business. Outsourcery can offer both hybrid cloud and fully integrated cloud solutions to meet the needs of customers, partners and the UK public sector alike. End-users range from start-ups to FTSE-100 businesses and Outsourcery’s extensive partner base, of over 500 IT and telo providers, includes Virgin Media Business and Vodafone.

Outsourcery’s O-Cloud platform has been certified to run government classified information at ‘Official’ and ‘Official sensitive’ levels over the internet. This gives Outsourcery CESG Pan Government Accreditation (“PGA”) to meet data sovereignty and security specifications for the public sector. The company’s Assured O-Cloud platform has also been certified to run government classified information at ‘Official’ and ‘Official sensitive’ over the Public Services Network (PSN) and is aimed at central government departments. Outsourcery’s service portfolio is listed on the Digital Marketplace as part of the government’s G-Cloud initiative and it was the only UK finalist shortlisted for Microsoft’s worldwide Government Partner of the Year 2015 award.

Outsourcery is a Microsoft Certified Gold Partner with a total of five competencies, of which three are gold. As well as being the first company outside of the US to be named Microsoft’s worldwide ‘Hosting Solutions Partner of the Year’, Outsourcery is also a Microsoft CityNext Partner and Cloud OS Network Partner. Outsourcery was a founding member of the Cloud Industry Forum (CIF), fully certified to the CIF Code of Practice and Outsourcery is also a corporate member of MSDUK, a member of TechUK and holds ISO 27001, ISO 9001 and ISO 14001 standards.

Outsourcery has 110 employees, with offices in Manchester, London and Leicester. It was the UK’s first certified carbon neutral CSP.