Skip to main content
Creating a new NHS England: NHS England and NHS Digital merged on 1 February 2023. All references to NHS Digital now, or in the future, relate to NHS England. More about the merger.

Vulnerability Monitoring Service

The Vulnerability Monitoring Service (VMS) provides a scan of your organisation's IP addresses to help identify any cyber security risks. Find out more about the service, including the benefits and how to register.

Vulnerability reporting service

If you have found a vulnerability in an NHS system, please report it via the National Cyber Security Centre.

About the Vulnerability Monitoring Service

The service is a scheduled and regular non-intrusive external vulnerability scan to assess vulnerabilities.

It can help you to identify and prioritise which actions to take to improve your organisation’s cyber security levels. 


The VMS can:

Who the service is for

This service is currently available for all NHS Trusts, CCGs and CSUs.

What the scan involves

You need to provide the IP ranges that need scanning. This list needs to be reviewed periodically to ensure it's still valid. 

An independent team will carry out the scanning. This involves a detailed technical review of your organisation’s perimeter, identifying any risks and issues.

After the scan

You'll receive a detailed report within 10 working days of the assessment, outlining the highest risks and critical areas. The report will include suggested actions, along with how we can support your organisation.

To support progress, we offer a range of services to help with remediation.

Register for the service

To register for the service, email

Please include the following information for two suitable contacts in your organisation:

  • Names

  • Job roles

  • Email addresses

  • Phone numbers

The team will be in touch to confirm which IP addresses to scan.

Last edited: 10 June 2021 4:20 pm