October 27, 2020
Background & Overview
Founded in 1988, Cygnet Health Care has, for more than 30 years, provided specialist mental health treatment, rehabilitation and support services, working closely with the NHS to ensure the highest quality of care is provided to all patients.
With a dedicated care team of more than 8,800 employees, working across 150 sites nationally, Cygnet Health Care continually strives to make a positive difference to the lives of more than 3,000 individuals, through a wide range of specialist services for individuals with mental health needs and learning disabilities within the UK.
Project Requirements
As a large and diverse organisation, spread across 150 UK locations, Cygnet Health Care’s IT footprint is both large and complex, supported by a dedicated in-house IT team to allow Cygnet to efficiently manage their network.
Working in healthcare, Cygnet has always understood the importance of prioritising the security of patient data amongst other sensitive data. In 2018, Cygnet wanted to engage with a specialist cyber security provider to assess and review their cyber security controls and current security posture.
Specifically, Cygnet were looking to stay ahead of the security battle with a comprehensive assessment of their security to understand what was needed to remain secure, secure given the increased complexity of threats and the size of their estate which has grown by acquisition.
The Solution
The first phase was to baseline Cygnet’s current security posture, to review and understand existing security processes, technologies & controls.
To do this, CyberOne conducted a range of security assessments and consultancy projects to provide both a holistic and objective grading of the current state of Cygnet’s security controls, with additional penetration tests and vulnerability scans to uncover any critical security exposures in Cygnet’s network.
From this baseline, CyberOne were able to provide a graded programme of improvement, which broadly fell into three core activities:
- Programme of identified improvements across Cygnet’s people, processes and technologies, prioritised by risk based on CyberOne’s review & identified recommendations.
- On-going programme of penetration testing / vulnerability scans tovalidate improvements, identify any new known vulnerabilities and drive a continual programme of testing, improvement and review to ensure the highest levels of security governance are maintained.
- Elevate Cyber Essentials certification to Cyber Essentials PLUS – WhileCyber Essentials certification provides a good baseline, Cyber Essentials PLUS provides a higher security bar and will become a requirement for NHS suppliers to achieve the highest level of certification.
The identified programme of improvements and on-going security assessments would ensure Cygnet was employing best practice security process, with an on-going programme of assessment to identify and address any new cyber security risks faced.
Benefits & Big Wins
- Understanding current security posture: CyberOne helped Cygnet realise where they stood in terms of security and addressed any discovered vulnerabilities to protect them from potential risks.
- Level of risk defined: Cygnet gained an objective understanding of the risks faced, specific to their business, and what their security priorities were.
- On-going security programme: An improvement programme, together with on-going security assessments has provided Cygnet with a comprehensive security toolset and a robust programme to regularly assessment & improve security.