Email 999 An Emergency Call to the NHS to Enhance Email Security


A Country-wide Epidemic

NHS organisations across the UK increasingly rely on email as a primary communications method. While a significant proportion of IT budgets are spent annually on email security to protect employees, patients and the healthcare infrastructure, current solutions cannot keep up with the rising amount and complexity of inbound threats such as spam and viruses.

Not only do NHS organisations need to consider the escalating cost and complexity of maintaining 'point products' for spam and viruses, but they must also ensure the security, integrity and confidentiality of communications outside the NHS. This must be done in order to comply with regulatory requirements and avoid exposing confidential information that could result in potential fines and legal liability.

Failure to secure email involves both direct and indirect costs. The inadequate protection against "inbound threats" can lead to the collapse of an email infrastructure or worse, a virus can bring down an entire network.

But indirect costs are also taking their toll including lost productivity and low employee morale from sorting through unwanted, offensive and even pornographic spam, not to mention additional capital expenditures that are made to keep pace with the exponential growth of email volume.

In addition, as compliance and privacy regulations gain momentum, inadequate protection of outgoing email communications can be costly and devastating.

Could You Be Liable?

Email has streamlined and improved the ability to communicate sensitive, time-critical information such as patient diagnoses, research activities and drug treatment programs with other NHS organisations, hospitals, doctors, specialists, pharmacists and others. However, all of this information is highly confidential and as a public authority that holds records and information, NHS organisations are subject to the Data Protection Act and the Freedom of Information Act.

This means that strict records management and controls are required for email because they represent an important part of an NHS organisation's corporate memory. Emails are subject to the same rules as other forms of recorded information and therefore are considered part of the NHS policies and procedures about how private information is managed and stored, ensuring that only the proper individuals or systems have access to private information.

Freedom of Information & Data Protection Act At-a-Glance


Protect personal and confidential information held about individuals in computerised form


All NHS Organisations


Access control, authentication, message encryption, anti-virus


Feedom of Information Act was passed in Nov 2000 and full access granted in Jan 2005. Data Protection Act came into affect March 2000


Contempt of Court and maximum sentence punishable is two years imprisonment for the accountable officer

Top 10 Capabilities which an NHS Organisation Needs for End-to-End Email Security

NHS organisations need to look at the problem of email threats, but also compliance and content control, not as individual silos of independent issues, but as a broader comprehensive mandate. Several essential features and capabilities are required for total email security, privacy and compliance. These include:

  • Monitor all messages
  • Protect against ALL inbound threats in a single solution
  • Meet regulatory requirements
  • Real-time and after-the-fact content inspection
  • Scanning of attachments
  • Tight integration with existing email systems
  • Flexibility in defining the actions you can take upon messages
  • Quickly and easily define or modify content policies
  • Reporting for quick checks
  • Contingency in case of system failure

MXtreme Mail Firewall for the NHS

MXtreme is a comprehensive email security, privacy and compliance solution that enables NHS organisations to prevent inbound threats, control outbound content and centrally manage their email infrastructure.

MXtreme takes a new multi-layered approach to email security to proactively detect and prevent all email threats, and offers an integrated approach that is a complete solution for email, consolidating disparate point solutions in one system. MXtreme provides unprecedented granular content management that is integrated with secure content delivery to ensure information is secure and regulatory requirements are met.

MXtreme is the only email security appliance on the market to have passed the Common Criteria EAL4+ certification. This level of certification is recommended for perimeter security devices connecting to the NHSnet and will greatly assist in satisfying the code of connection. MXtreme shares many components, including a proven hardened operating system, with the BorderWare Firewall server, a general purpose firewall that is currently deployed widely in NHS organisations.

By controlling both inbound and outbound messages, MXtreme enables organisations to enforce policies whilst maximizing the protection, confidentiality and integrity of information required. MXtreme provides the capabilities that the NHS needs to secure, examine, determine, deliver, and report on their email messaging systems, reduce costs, and take a major step towards meeting compliancy requirements.

NHS - Rising to the Challenge

NHS organisations must take steps now to prevent, control and manage email holistically with a comprehensive email security solution that:

  • Prevents all email threats before they impact internal resources
  • Controls internal information, and outbound communications to ensure integrity, and confidentiality guidelines are enforced
  • Manages email centrally and ensure systems are always available and no messages are ever lost in the event of a system failure

As Graeme Robinson, Network Systems and Servers Administrator at North East Wales NHS Trust explains: "We were looking to overcome a number of problems. Firstly to reduce the volume of spam email we received and thereby increase staff productivity and save money. Secondly to reduce the load on our servers, and thirdly to improve staff morale by removing offensive spam emails.

During the tender process, we reviewed a number of alternatives, most of which were software based. MXtreme Mail Firewall was the only hardware solution and it met all of our requirements and more by offering a standalone box that was upgradeable, scaleable and very cost effective.

Now in place, it is - without doubt - a vital piece of our equipment." Robinson admits that they couldn't have survived as many virus attacks without it. Moreover, it saves the technicians and helpdesk a lot of time. MXtreme has become so invaluable to the Trust that they have invested in a second box to act as a failover system."


To successfully secure email, NHS organisations need to carefully assess their current and future email compliance and security needs and make strategic planning and purchasing decisions. By taking a proactive approach to email security, NHS organisations will be ready for not only inbound email threats but also ready to take the next step in the evolution of email compliance and control requirements.

BorderWare Technologies is the preferred email security provider for the NHS
Phone: 020 8759 1999