City Health Clinic obtains Cyber Essentials Accreditation

The challenge

City Health Clinic came to Texaport with a number of specific IT, cyber security, and compliance issues that they needed resolving. Due to them handling large quantities of personal information, they have a legal duty to store and process their patients’ data in line with GDPR legislation. Their existing policies and systems were not enabling them to confidently meet this requirement and they needed help identifying and addressing the gaps.

As a healthcare provider, it was vital that patients’ confidential data was stored safely and securely, but City Health Clinic were worried about the lack of transparency that their existing IT provider was giving them. One of their largest clients, a global brand, had recently updated the cyber security requirements for all their suppliers, and City Health Clinic were not confident that they could meet the new criteria with their existing IT manager.

As well as this, the value of the clinic’s existing managed IT service had decreased to the extent that they no longer believed that the initial service level agreements (SLAs) were being met. Far from proactively managing their IT environment, the provider was either slow to respond when alerted to issues, or entirely unresponsive.

The solution

Texaport carried out a bespoke audit of City Health Clinic’s cyber security footing, generating a report which detailed the gaps and advised how to address them. We recommended that they get the Cyber Essentials certification with additional Information Assurance for Small to Medium-sized Enterprises (IASME) governance.

To support this, we provided GDPR consultancy, helping them implement systems to handle their patients’ sensitive data lawfully and responsibly. Our consultancy was tailored to precisely meet the exacting requirements of their major client.

We improved the health of all their company devices, ensuring that security and operating system updates were installed according to a regular timetable. To prevent passwords from being compromised, we assigned each member of staff their own account and put minimum password complexity rules in place.

We introduced leading antivirus and antimalware technology which proactively guards against viruses, seamlessly eliminating any threats it identifies. As well as this, we established an advanced mail filtering system, which scans all in- and outbound messages to prevent suspicious emails from even reaching users’ inboxes.

Additionally, having discovered that the previous supplier hadn’t installed their wireless access points correctly, we laid new data cabling, enhancing Wi-Fi connectivity throughout the building.

The result

City Health Clinic chose to work with Texaport because of our relevant previous experience in the healthcare sector - and specific expertise in the dental health industry. From the outset they were able to rely on our capability, without wasting any time or effort getting us up to speed. And due to our familiarity with dental practise software, we have been able to advise on and optimise use of their existing platform.

They successfully achieved their Cyber Essentials certification, boosting the practice’s data security to the level specified by the major client, and meeting GDPR requirements. This kept them compliant with current legislation and the rigorous expectations of the healthcare industry.

As a result of our consultancy and upgrades, City Health Clinic exceeded the cyber security standards set by their high profile client. They were able to extend the contract, and continue providing first class dental care to the firm's employees.