Scope: St. Vincent’s supported a Hertfordshire based NHS Trust in a programme to transform the technical capability of their combined hospitals to deliver patient care. A major part of this programme was the implementation of two digital solutions. Key steps included: extending the scope of our delivery; flexibly altering services; external reviews; and navigating a major cyber-attack. The latter was so severe it caused the go-live date to be delayed as outlined below.
Role in the delivery of the contract:
Engagement began after the commencement of the Trust’s digital transformation programme. Therefore, they already had a project plan and skeleton resource in place to meet deliverables. It was critical that the St. Vincent’s team worked closely with existing resources to meet mutually agreed deliverables. We worked in tandem with the Trust to create Statements of Work (SoW) with clear and measurable deliverables, ensuring that it could be demonstrated the programme was progressing as planned.
A significant obstacle was the May 2017 cyber-attack (which was not related to the St. Vincent’s scope of work but did impact our projects). A Digital Health article described it as follows:
“The 12 May cyber-attack caused havoc around the world and in England dramatically impacting the NHS. A total of forty-eight trusts were infected by the ransomware which exploited a known Microsoft vulnerability…Normal activity resumed on 19 May, and the trust said no patients were harmed as a result of the cyber-attack.”
Due to the severity of the attack St. Vincent’s had to be extremely flexible and act in the best interests of the programme. The solution was a cyber-attack recovery plan which involved 42% increase in training classes, managing dual running assurance activities, data quality and data migration improvements and Blue Prism setup. This meant delaying the go-live, supplementing services and altering the project plan, deliverables and milestones. St. Vincent’s also agreed to provide a reporting service, not previously within the scope of deliverables. This was required so that complex technical problems resulting from the attack could be monitored and resolved. This involved shouldering the current service, over and above current deliverables and mitigation efforts, and turning it around in time for the go-live. A measure essential to the success of the implementation. Accordingly, the implementation was delivered on time and within budget and St. Vincent’s continue to work with the Trust.