Vulnerability Monitoring Service

The Vulnerability Monitoring Service (VMS) provides a scan of your organisation's IP addresses to help identify any cyber security risks. Find out more about the service, including the benefits and how to register.

Vulnerability reporting service

If you have found a vulnerability in an NHS system, please report it via the National Cyber Security Centre.

About the Vulnerability Monitoring Service

The service is a regular, scheduled, non-intrusive external scan that assesses your organisation for vulnerabilities.

It can help you to identify and prioritise which actions to take to improve your organisation’s cyber security levels. 


The VMS can:

Who the service is for

This service is currently available for all NHS Trusts, CCGs and CSUs.

What the scan involves

You need to provide the IP ranges that need scanning. This list needs to be reviewed periodically to ensure it's still valid. 

An independent team will carry out the scanning. This involves a detailed technical review of your organisation’s perimeter, identifying any risks and issues.

After the scan

You'll receive a detailed report within 10 working days of the assessment, outlining the highest risks and critical areas. The report will include suggested actions, along with how we can support your organisation.

To support progress, we offer a range of services to help with remediation.

Register for the service

To register for the service, email [email protected].

Please include the following information for two suitable contacts in your organisation:

  • Names
  • Job roles
  • Email addresses
  • Phone numbers

The team will be in touch to confirm which IP addresses to scan.

How this service aligns with the Cyber Assessment Framework

This service aligns to the following principles and outcomes of the Cyber Assessment Framework (CAF).

Objective A: Managing security risk

A1.b Your organisation has established roles and responsibilities for the security of networks and information systems at all levels, with clear and well-understood channels for communicating and escalating risks.

A2.a Your organisation has effective internal processes for managing risks to the security of network and information systems related to the operation of essential functions and communicating associated activities.

A2.b You have gained confidence in the effectiveness of the security of your technology, people, and processes relevant to essential functions.

Objective B: Defending systems against cyber attack

B4.a You design security into the network and information systems that support the operation of essential functions. You minimise their attack surface and ensure that the operation of the essential function should not be impacted by the exploitation of any single vulnerability.

B4.b You securely configure the network and information systems that support the operation of essential functions.

B4.d You manage known vulnerabilities in your network and information systems to prevent adverse impact on the essential function.

Objective C: Detecting cyber security events

C1.a The data sources that you include in your monitoring allow for timely identification of security events which might affect the operation of your essential function.

C1.c Evidence of potential security incidents contained in your monitoring data is reliably identified and triggers alerts.

C1.d You contextualise alerts with knowledge of the threat and your systems, to identify those security incidents that require some form of response.

C1.e Monitoring staff skills, tools and roles, including any that are outsourced, should reflect governance and reporting requirements, expected threats and the complexities of the network or system data they need to use. Monitoring staff have knowledge of the essential functions they need to protect.

C2.a You define examples of abnormalities in system behaviour that provide practical ways of detecting malicious activity that is otherwise hard to identify.

C2.b You use an informed understanding of more sophisticated attack methods and of normal system behaviour to monitor proactively for malicious activity.

Last edited: 15 November 2023 4:23 pm