TA-9601 REG: Developing the Health Sector in the Pacific - Cybersecurity Assessment of the Digital Health Project in Tonga (52037-001)

TA-9601 REG: Developing the Health Sector in the Pacific - Cybersecurity Assessment of the Digital Health Project in Tonga (52037-001)

Date Published: 19-Jun-2024

Deadline of Submitting EOI: 03-Jul-2024 11:59 PM Manila local time

SELECTION PROFILE

Consultant Type: Firm

Selection Method: Quality and Cost-Based Selection (QCBS)

Selection Title: Developing the Health Sector in the Pacific

Package Name: Cybersecurity Assessment of the Digital Health Project in Tonga

Engagement Period: 2MONTH

Consulting Services Budget: USD 130,000

Source: International

Technical Proposal: Simplified Technical Proposal (STP)

Approval Number: 9601

Approval Date: 01-Oct-2018

Estimated Commencement Date: 08-Jul-2024

ADDITIONAL INFORMATION

Country of assignment: Tonga

TERMS OF REFERENCE

Primary Expertise: Cybersecurity assessment and services

Objective and Purpose of the Assignment

Project Overview: The Introducing eGovernment through Digital Health Project is supporting the Government of Tonga’s commitment to its eGovernment initiative through implementing digital health solutions. The project is supported by the Asian Development Bank (ADB) and has two outputs that focuses on 1) improving the enabling environment to digital health in Tonga, and 2) the implementation of a National Health Information System (NHIS). The outcome of the project is to improve patient management and evidence- based decision-making to advance universal health coverage.

The NHIS is delivered through an electronic platform / application that enables patient registration, appointment scheduling, admission and medical records management, interdepartmental clinical management, pharmacy prescription, billing, as well as inventory management and integration with other existing medical systems and devices. The NHIS was first launched at Vaiola Hospital in November 2021, and has since been introduced to all health facilities across the Kingdom of Tonga by July 2023.Whilst the health system is preventing biological infections, the NHIS and its supporting infrastructure must also protect itself from malware infections and other cybersecurity threats that are increasingly targeting network integrated medical devices and hospital IT systems. A cybersecurity assessment is sought to understand the potential threats and risks associated with the implementation and operation of the NHIS, and to provide recommendations to reduce the risks to an acceptable level.ADB is the executing agency for the technical assistance (TA), and the Ministry of Health (MOH), Government of Tonga is the implementing agency of the project.Objectives: ADB is seeking the services of a consultant to perform a technical security review on the NHIS and its supporting infrastructure, with the following objectives: • To ensure that cybersecurity threats and risks in relation to the NHIS are identified, addressed and managed appropriately; • To ensure adequate controls (people, technology, process) are designed and implemented properly to protect the NHIS and the assets, including both the health data and physical assets; and, • To report and make recommendations on how to reduce risks of cybersecurity threats against the NHIS to an acceptable level.