We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Creating a new NHS England: NHS England and NHS Digital merged on 1 February 2023. All references to NHS Digital now, or in the future, relate to NHS England. More about the merger.
The Vulnerability Monitoring Service (VMS) provides a scan of your organisation's IP addresses to help identify any cyber security risks. Find out more about the service, including the benefits and how to register.
The service is a scheduled and regular non-intrusive external vulnerability scan to assess vulnerabilities.
It can help you to identify and prioritise which actions to take to improve your organisation’s cyber security levels.
The VMS can:
Improve your organisation’s cyber security and increase patient safety.
Contribute towards your Data Security and Protection Toolkit (DSPT) return by achieving the vulnerability assessment requirements.
Fulfil your obligations under the Network and Information Systems (NIS) directive and prepare for the cyber security element of the Care Quality Commission (CQC) inspection.
Provide resource efficiencies and improved effectiveness by targeting known vulnerabilities.
Who the service is for
This service is currently available for all NHS Trusts, CCGs and CSUs.
What the scan involves
You need to provide the IP ranges that need scanning. This list needs to be reviewed periodically to ensure it's still valid.
An independent team will carry out the scanning. This involves a detailed technical review of your organisation’s perimeter, identifying any risks and issues.
After the scan
You'll receive a detailed report within 10 working days of the assessment, outlining the highest risks and critical areas. The report will include suggested actions, along with how we can support your organisation.
To support progress, we offer a range of services to help with remediation.