Case study

NHS Hospital steps up its Remote Desktop Cyber Security with Awingu MFA


Client: Worcestershire Acute Hospitals NHS Trust

Industry: National Health Service (NHS)

Services: Awingu, Microsoft

Improved Security and Compliance at Worcestershire Acute Hospitals NHS Trust

The Hospital


Worcestershire Acute Hospitals NHS Trust (The Trust) were enhancing their cybersecurity through the adoption of Multi-Factor Authentication technology (MFA) for end-users to log in to their remote access solution, powered by Awingu. Altiatech deployed a seamless solution, including an enhanced service desk and enrolment processes, to allow over 3,000 users to be enrolled into MFA without impacting The Trust’s existing services and support. This support ensured that immediate access to clinical systems was maintained and that users were supported, while they got to grips with the new MFA process and software.


Worcestershire Acute Hospitals NHS Trust provides NHS services to some 580,000 people in Worcestershire County and the surrounding area, with hospital-based services in Redditch, Kidderminster, and Worcester. The Trust employs over six thousand staff, supported by some eight hundred volunteers.

An Awingu portal is an essential part of the remote access solution provided by Altiatech to The Trust. The portal enables The Trust’s staff to access Trust internal applications and data for Business As Usual (BAU) activities, independent of the location of the user or which device they are using.

Initial analysis suggested that the MFA enrolment was not technically complex, but many users would require support, as they had no experience of installing and using MFA cybersecurity products. 


Michael Francis, Digital Project Manager


“The project was a resounding success, and all our goals were achieved, including secure remote access and an enabled workforce. With the deployment of MFA, even if a user’s credentials are compromised, The Trust is more secure as “bad actors” cannot access the system without the extra authentication process, ensuring long-term security”.

The Challenge

The Trust had several challenges with the implementation of the mandatory MFA deployment, as part of a cybersecure compliance policy. These included:


  • 3000 users requiring the MFA software to be installed on their phones.
  • A six-week window for the implementation and adoption of MFA across The Trust.
  • NHS Digital had witnessed that remote access systems were being actively targeted by cybercriminals to gain access to individual and Government data. The Trust had been told that enabling MFA was mandatory to make the existing non-compliant solution compliant.
  • A need for a communications strategy to be defined and rolled out to users that would provide information on why the changes were required, and what the user journey would be like through the transition process.
  • The Trust did not have the help desk resources to set up dedicated support for the MFA deployment in the six-week implementation window. Therefore, Altiatech created an Enhanced Service Desk team to support end users with the installation of Microsoft Authenticator and its day-to-day use. This team worked with the existing service desk teams to train and set up MFA as a BAU process, once the compliance implementation had been completed.
  • Users of the Awingu portal include both The Trust’s medical and non-medical staff, who use it to access patient medical records and other essential information. End users require uninhibited access to the portal; if end users become locked out of the portal, this could potentially impact ongoing patient clinical care.


The Trust recognised that they needed a partner with expertise in both MFA and Awingu to overcome these challenges and ensure a successful and compliant implementation within the mandate deadline. Fortunately, Altiatech had the experience with both Awingu and MFA, and were able to support The Trust.

The Solution

Following a review of the challenges faced by The Trust, Altiatech created a project plan, with the key goal of meeting the project’s deployment deadline. The project plan detailed the components and resources required to achieve this. The Altiatech approach was both comprehensive and flexible, giving The Trust a clear Project Task List with options to scale up and down their involvement, as well as the pace of the roll-out. The project plan included:


  • Capturing tasks and activities from design and implementation to handover, including the training of the IT help desk staff to enable the transfer of MFA to the BAU process post-deployment.
  • Mobilising an Enhanced Service Desk for users that required additional support, together with rapid response via a combination of emails, and telephone support with “call-backs” at a time convenient for users. The Enhanced Service Desk also included additional agents at peak times to support The Trust’s help desk as dedicated MFA project specialists.
  • Creating automation of self-help tools, so users could request exceptions to MFA, place and receive support calls, and reset their MFA credentials where necessary.
  • Creating a communications plan, compliant with The Trust’s Quality Standard, including literature and guides, so that end users could understand how to implement MFA on their devices.
  • User Acceptance Testing with IT literate, clinical, and admin end users, prior to the main roll-out. This empowered users to self-serve and install Microsoft Authenticator, validating the communications plan, and the effectiveness of the Enhanced Service Desk with support requests.
  • A staggered implementation roll-out across The Trust’s staff, with advance notice communications of the subsequent enforcement of the MFA policy.

The Outcome

The Trust was able to achieve a compliant, on-budget deployment of MFA cybersecurity to all users within the six-week deadline. During the roll-out, over 300 users benefited from the Enhanced Service Desk for assistance with their Microsoft Authenticator installs. None of The Trust’s end users were blocked out from the Awingu portal during the deployment, so clinical care was not impacted by the implementation of MFA across The Trust’s staff.


Additionally, the existing support teams were trained to support new users and adopt best practice processes designed by Altiatech.


To capture user feedback, Altiatech surveyed The Trust’s staff to determine their experience of mandatory MFA enforcement. This survey found that users had understood why the MFA enforcement was being implemented, and those users who required help from the Enhanced Service Desk reported a high level of satisfaction with this support. The Trust’s Management also confirmed that they were satisfied with the project outcomes of achieving MFA compliance for the essential IT system used by The Trust.


“Surprisingly, it was easy to set up” – a user who successfully followed the MFA guide and did not require additional support.


“It was a task that had to be completed” – a user who recognised the need to enforce MFA and strengthen cyber security.

