Cyber Security Services

LHIS Cyber Security Services

We are an experienced and technically skilled team that are here to guide you through the complex and sometimes daunting world of cyber security. Whether you are looking to audit your systems to ensure your data is safe or conduct penetration testing on a secure website, LHIS IT Assurance are here to help. We are Tigerscheme accredited. We also operate within the governance frameworks of other penetration and security accreditation bodies such as: Certified Information Systems Auditor (ISACA), Certified Ethical Hacker (EC-Council), Certified Forensic Investigation Analyst (CFIA), Certified Wireless Security Analyst (CREST).

We have extensive experience of security testing web applications, both within the public sector and for other national and global organisations. We also routinely conduct such testing for central government agencies. We have experience of testing all major web application systems, including: Apache, IIS, Ngnix, Joomla, WordPress, Drupal, SQL etc.

Along with our customer testimonials, our industry awards and accreditations show our professional competence and knowledge in this specialised area. It is important to us that we give assurance to our customers that we understand the industry expectations and standards governing IT assurance.

IT Security
Review Services

The IT security review service provides day-rate based Cyberscheme certified specialist security staff to conduct comprehensive application and infrastructure security and vulnerability testing.

The LHIS technical security service is scoped individually to ensure that the specific vulnerabilities that would expose a system or organisation to attack are identified. Once identified LHIS will provide recommendations to enable the organisation to mitigate the identified threat.

LHIS Code: SEC01

Penetration Testing

The LHIS vulnerability and penetration testing services provides day-rate based Tigerscheme certified specialist security and penetration testing staff to conduct comprehensive application and infrastructure penetration testing. The LHIS penetration service is scoped individually to ensure that the specific vulnerabilities that would expose a system or organisation to attack are identified. Once identified LHIS will provide recommendations to enable the organisation to mitigate the threat. LHIS security specialists have considerable experience of supporting public sector organisations including NHS Trusts, Local Authorities, Ambulance Trusts, NHS arms length bodies, etc.

LHIS Code: SEC02

Security Auditing
and Assurance

The LHIS security auditing and assurance service provides organisations with a measurable technical assessment of a system, data centre, network, or the entire organisation, depending on the scope defined by the customer. Our IT security specialists provide feedback on areas of good practice and give visibility to any weaknesses or vulnerabilities.

Once auditing is completed, a report, together with recommendations for mitigations and remedial actions, is provided. LHIS ISO 27001 services enable organisations to comply with and if required gain ISO27001 certification.

LHIS Code: SEC03

Simulated Social

An increasingly common mode of attack for cyber criminals is email phishing whereby an email is received by a user that appears to come from a legitimate source. If the user clicks on an embedded internet link or opens an attachment, they can then be infected with malware which can infect further areas of the organisations computer systems at a rapid rate.

A particular variant of this attack is ‘ransomware’ whereby the malware encrypts computer files and the organisation has to pay a ransom to get the cryptographic keys to unlock the files. LHIS Assurance provides a tool for evaluating an organisations risk exposure to such attacks by sending their staff a specially crafted email. Although the email is benign, we are alerted to users’ actions on receipt of the email and whether it is identified as a phishing message. If a user clicks the embedded link or interacts with the associated web site, this indicates a significant risk exposure to the organisation and demonstrates the need for further awareness training.

LHIS Code: SEC04

Cyber Essentials

We have been involved with the government backed Cyber Essentials scheme since it was created and we were one of the first NHS organisations to achieve the certification.

As a result of our experiences, we now support a number of organisations in achieving the detailed requirements within the standard. To achieve accreditation your organisation will need to implement the 5 preventative controls across your IT estate which will provide a base level assurance in protecting your corporate and customer information.

We’ll provide you with a gap analysis of your current position and also provide technical support and practical advice in how to achieve the standard.

LHIS Code: SEC05

Cyber Security

We have a wide experience of providing technical security training which is targeted to the specific learning objectives of the organisation. This can include technical security controls, security incident response, digital forensics or other area where the organisation wishes to increase its skills and capabilities.

LHIS Code: SEC06

ICT Risk

Developing an effective IT security risk management framework is a core component of a robust governance framework and is a requirement of most information governance frameworks (e.g. ISO27001). LHIS Assurance can provide support and assistance in these areas and share our extensive knowledge and experience within large organisations.

This will ensure that the risk management framework provides an overview of the organisations IT security risk profile without adding additional administrative burden.

LHIS Code: SEC07

Digital Forensics

When conducting investigations, it is imperative that digital evidence is acquired in a secure and compliant manner. This is to ensure the integrity and validity of the evidence cannot be retracted. LHIS assurance has extensive knowledge and skills in this area and can support organisations where there is a need to acquire digital evidence in support of internal investigations.

LHIS Code: SEC08

Security Incident

When an IT security incident occurs, it is imperative that the processes and procedures that are used to respond are effective and prompt, to ensure the impact of the event is minimised.

LHIS Assurance can provide a tried and tested service to support organisations when such events occur. This can also include other important aspects of the security response process such as ‘root cause’ and ‘lessons learned’ exercises which are intended to provide the organisation with a mechanism for reducing the frequency and impact of such events.

LHIS Code: SEC09

Security Investigation

When conducting investigations that involve IT systems, it is important that the processes for gathering information are compliant with digital forensics standards and that the information is interpreted and presented in a structured manner.

LHIS Assurance can provide expert support and guidance in this area and can deliver a support function that meets the specific objectives of the investigation being undertaken.

LHIS Code: SEC10

IT Security Project

Most IT projects include a security component that is designed to understand and address the risks and threats to the operation of a new system or service. LHIS Assurance can support an organisation in providing services that assists in the scoping, evaluation and remediation of the identified risks. This can be conducted as part of the project management process or as a separate exercise, designed to supplement the project assurance processes.

LHIS Code: SEC11


Having achieved the ISO27001:2017 standard ourselves, we are able to share our knowledge and experience in supporting your ISO27001 journey. We can conduct an on-site assessment to highlight areas of weakness within your Information Security Management System.

At the end of this gap analysis, you’ll receive a report detailing your current weaknesses and areas for improvement. We can also support your ISMS by conducting routine audit exercises to ensure ongoing compliance with the standard.


Implementing the requirements of GDPR and the Data Protection Act (2018) can be a challenging exercise and many organisations are at different stages in their data privacy journey. You may have already have a full programme mapped out or you may still be confused as to where to start.

As GDPR qualified practitioners LHIS can provide quality assurance and advisory services to offer a comprehensive GDPR framework. We can do this by offering gap analysis support including data mapping and auditing both existing technical controls and policies/processes. We can also provide GDPR training to all staffing levels.

Secure email standard

NHS Leicestershire Health Informatics Service (LHIS) are the first public body to receive the NHS Digital DCB1596 accreditation, allowing faster and secure communication between NHS organisations, local authorities and other secure government domains

LHIS has become the first public sector organisation in the country to be able connect its own local email system to NHSmail2, allowing thousands of staff across different organisations to better communicate, and share crucial information more quickly and securely. The landmark project could now help NHS organisations throughout the UK improve the secure sharing of patient information between health and social care professionals.

Cyber Security Infographic

  • What our customers say about us!

    PRISM Product - The facility to be able to find a wide range of resources and guidelines, all located within one single IT system which can be accessed immediately is long overdue- and most welcome!


    Dr Tom Rowley,

  • What our customers say about us!

    Having access to PRISM has streamlined my referrals in the 2 week wait pathway. I know I’m sending the patient to the right service with the right information. As we put more resources onto PRISM, I am confident that this will make the life of the busy GP easier, and patient care will benefit as a result. The patient will be seen in the right clinic by the right clinician first time and everyone  will benefit.


    Dr Tony Bentley,

  • What our customers say about us!

    The team listened to the requirements, took time to understand the national and local requirements needed to ensure the feedback was captured appropriately. We had early design meetings to ensure we were happy with the app display and function. For the roll out of the app to services we had very comprehensive support and understanding from the team, great communication on updates, technical issues, user errors and general queries. As a service we have made changes to the questionnaires throughout the process and these changes have been quickly and efficiently managed. Teams ‘on the ground’ have also benefited from the fantastic support from the team, when they have had queries with the app and the devices. The database behind the app has also improved the efficiency of collating the feedback. Working with Sarah, Kerry, Mo and Rachelle from HIS has been a great piece of partnership working, and a I have learnt from them and the experience.


    Sara Lowe,
    CHS Patient Experience and Learning Manager, CHS Governance team

  • What our customers say about us!

    I am very impressed by the support and quality of work delivered by LHIS. They were very friendly and approachable in addition to their high standards of professionalism throughout the project. The team is very motivated, dynamic and enthusiastic and went beyond their limits in completing the tasks and sticking to the project deadline. they were quick in amending/ updating the content based on expert suggestions and involved clinicians in designing and developing the app. They helped in project management ie: writing the proposal, strategic planning, approval process and exploring publicity and awards. More importantly LHIS were heavily involved in marketing the app to various healthcare organisations, presentation in various academic conferences and producing the leaflets. My special thanks go to Sarah Ost who lead the project on behalf of LHIS, Kerry Cyster and Gemma Clayton. All of their input resulted in the app being nominated for the PEN (Patient Experience Network) National Awards in March 2016. I wish LHIS much success and would recommend them to anyone considering developing similar apps.


    Dr Girish Kunigiri MBBS, MD (Psy), DNB (Psy), MBA (Quality Management),
    Consultant Psychiatrist in General Adult, Clinical Director East Midlands Mental Health Clinical Networ

  • What our customers say about us!

    I greatly appreciate the support; quality and professionalism of the entire team at LHIS who helped with YOD app. They were very friendly and approachable.  The team is very motivated and enthusiastic and would go beyond their limits in completing the tasks. Although it was new venture for us as clinicians and them to be working in such an area, they were quick in understanding our clinical needs, they attended patient and care focus groups for improvising the App, amended and updated the content based on expert suggestions and were great team players to work together in designing and developing the app. More importantly LHIS supported immensely in marketing the App, presentations in various academic conferences, and producing the leaflets/pamphlets. My special thanks to Sarah Ost, Service Delivery Manager, who lead the project on behalf of LHIS; Kerry Cyster, Product & Customer Support Officer, for designing and for vigorous quality check; and Gemma Clayton, Business and Marketing Manager, for compiling/editing videos and further enhancement of the overall design making it user friendly. I wish all the success to LHIS team


    Dr Latha Velayudhan MBBS, DPM (Psy), DNB (Psy), MD (Res),
    Consultant Psychiatrist in Old Age Psychiatry Senior Clinical Lecturer (Hon), Institute of psychiatry, psychology and Neuroscience, Kings College London Reader (Hon), University of Leicester

  • What our customers say about us!

    This is coming with appreciation re the ECT app you and colleagues developed. It is comprehensive and the availability of written , visual and audio information is very useful. I also think the information for professionals if read by a patients is not daunting , which allows for ECT to be destigmatised and seen as a medical procedure which we take seriously. I am the only accredited ECT Psychiatrist for this district where I  work in Australia and recently managed to wrangle more Consultant time for ECT which will allow me to streamline the service and train Registrars. For a service which did not have trained ECT nurses, we now have them and the nurses section will be useful there. I  see this app as an useful resource and see my team using it. Wishing you the best and congratulations again to you and your team.


    Anila Jacob,
    CMC Vellore Trained Psychiatrist

  • What our customers say about us!

    I would like to thank the Leicestershire Health Informatics Service worker for sorting out all my laptop problems. Colin came out to Whitwick last week (on the same day that I phoned!). He was so helpful and sorted out several problems. Even more importantly, as far as I’m concerned, he didn’t once make me feel like a complete incompetent!! He’s friendly, knowledgeable, patient and has a great sense of humour! I do hope that you can identify him through looking at the call out log for last week. He really does deserve to get a Customer Service Award.  


    Sharon Gregory,
    Health visitor

  • What our customers say about us!

    Your IT accounts administrator, has provided prompt, efficient and effective support to us, not just over the last year but for as long as I have known him. He is unfailingly polite, cheerful and approachable – significant qualities for those of us who are less than ‘experts’ and very much appreciated. It goes without saying that his advice and expertise is accurate and reliable and this, added to his admirable attitude, makes him a staff member Leicestershire Health Informatics Service should be proud of.


    Julie Glover,
    Resource Manager