Tender for Cybersecurity Hardware and Software Procurement at a Polish Public Healthcare Center Hospital

Project Background: Co-financed by the National Recovery and Resilience Plan, as part of Investment D1.1.2 "Accelerating the digital transformation process in healthcare through the further development of digital services in the healthcare sector", which belongs to Component D "Efficiency, accessibility and quality of the healthcare system". Competitive recruitment number KPOD.07.03-IP.10-001/25. The project aims to significantly improve the hospital's digital service level and resilience against cyber threats, ensuring patient data security and continuity of medical services, through a comprehensive upgrade of its IT infrastructure and security protection system.

Procuring Entity Information: Official name is Samodzielny Publiczny Zakład Opieki Zdrowotnej Szpital im. dr. J.Dietla w Krynicy-Zdroju, legal status is public entity, procuring entity activity sector is Health. Registration number is NIP:734-26-31-078. Contact point is the Public Procurement Department, fax number is 18 4732 700, website address is https://bip.malopolska.pl/szpitalkrynica,m,284163,informacje-o- szpitalu.html, procuring entity profile page is https://ezamowienia.gov.pl.

Procurement Type: Supply

Main CPV Code: 48000000 - Software package and information systems

Subject Description: The subject of the procurement is IT equipment and software for the implementation of the "Digitalisation and Cybersecurity Development of the Krynica-Zdrój Hospital" project. The detailed description and requirements are included in the tender documents and their annexes. The procedure is conducted via the e-procurement platform.

Procedure ID: ocds-148610-dbf0ef8-f68f-46de-b153-44b39fa05231

Tender Language: Polish

Tender Submission Location: https://ezamowienia.gov.pl/mp-client/tenders/ocds-148610-dbcf0ef8-f68f-46de-b153-44b39fa05231

Opening Date: 2026-03-12 09:30

Opening Location: ezamowienia.gov.pl platform, procedure page: https://ezamowienia.gov.pl/mp-client/tenders/ocds-148610-dbcf0ef8-f68f-46de-b153-44b39fa05231

Tender Validity Period: 90 days

Communication Method: Electronic communication must be conducted via the ezamowienia.gov.pl platform. Use of the platform is free of charge. Contractors interested in participating must have a "Contractor" entity account on the electronic procurement platform. Viewing and downloading the public content of the procedure documents does not require a platform account or login.

Document Format Requirement: Requires the use of an advanced or qualified electronic signature or electronic seal.

Financial Guarantee: Tenders for Lot 1 must be secured by a bid bond in the amount of 15,000.00 Polish Zloty.

Electronic Invoicing: Allowed

Electronic Payment: Yes

Framework Agreement: No framework agreement

Electronic Auction: No

Procedure Cancellation: The procuring entity, in accordance with Article 257(1) of the Public Procurement Law, may foresee the cancellation of the procurement procedure if public funds intended to finance all or part of the procurement are not secured.

DNSH Principle: The contractor is required to ensure that the supply and services are performed in accordance with the DNSH principle and is obliged to continuously collect information, data and documents confirming that the services are performed according to this principle. There is an obligation to use energy-efficient solutions, reduce emissions and resource consumption, and dispose of waste and equipment in accordance with the law during the implementation phase. The DNSH principle means the "Do No Significant Harm" principle, derived from Article 17 of Regulation (EU) 2020/852 of the European Parliament and of the Council.

Subcontracting Information:

Lot 1 (LOT-0001):

Title: Lot 1 - Part 1

Description: Supply, implementation and configuration of servers, network infrastructure and IT security systems according to the description and requirements in the tender documents and their annexes. This is the core cybersecurity enhancement part, aiming to build or upgrade the security foundation of the hospital network, achieving comprehensive protection for critical medical data and business systems.

Main CPV Code: 48820000 - Servers

Additional CPV Codes: 30233000 - Storage and reading devices, 32420000 - Network equipment, 48710000 - Backup and recovery software packages, 48219500 - Switch or router software packages, 48000000 - Software package and information systems, 72265000 - Software configuration services, 48620000 - Operating systems

Place of Performance: ul. Kraszewskiego 142, 33-380 Krynica-Zdrój, Poland, NUTS code: PL218 (Nowosądecki)

Estimated Duration: 3 months

EU Funding Information: The procedure is co-financed by Investment D1.1.2 from the National Recovery and Resilience Plan, as part of the Digitalisation and Cybersecurity Development project of the Krynica-Zdrój Hospital.

SME Applicability: Yes

Award Criteria:

Criterion 1 - Price: Name is CENA, weight is 60.00 points. Scoring formula is C = (Lowest Price / Evaluated Price) x 60.

Criterion 2 - Quality: Name is Additional functions and parameters of equipment, weight is 40.00 points. Each feature described in the tender documents will be scored.

Detailed Cybersecurity Hardware/Software Requirements and Quantities:

Server Infrastructure (Quantity: 3 units): Provide 3 high-performance servers for hosting core security management systems, such as Security Information and Event Management (SIEM) platform, Next-Generation Firewall virtualization instances, Endpoint Detection and Response (EDR) management servers, and Identity and Access Management (IAM) services. Servers must have high-availability configuration, supporting redundant power supplies and RAID protection to ensure continuous monitoring and defense capabilities.

Cybersecurity Devices (Quantity: 2 units): Provide and configure 2 units of Next-Generation Firewalls and Intrusion Prevention Systems (e.g., deployed in HA active-active mode). The devices should have features such as Deep Packet Inspection, application identification and control, advanced threat protection, etc., capable of finely controlling internal and external network traffic of the hospital, blocking malware, ransomware and other network attacks. Also, provide Network Access Control (NAC) functionality to perform security baseline checks and admission control for devices connecting to the hospital network.

Data Backup and Recovery System (Quantity: 1 set): Provide 1 set of centralized backup and recovery software and supporting hardware (e.g., backup server or backup appliance) for performing regular backups of the hospital's critical servers, databases and application systems. The backup system must support data deduplication and encryption functions to ensure the security and storage efficiency of backup data, and enable fast and reliable recovery to address risks from ransomware attacks and data loss.

Security Management System Software Licenses (Quantity: 1 set): Provide 1 set of server virtualization platform and necessary operating system licenses (specific quantity to support the virtualization needs of 3 servers). Operating systems must receive timely security patches. Software configuration services must ensure all security devices and systems are correctly deployed, policies are properly set, and integrated seamlessly with other IT systems.

Network Switches (Quantity: 4 units): Provide 4 manageable network switches for connecting servers, cybersecurity devices, and the internal network, supporting security features such as VLAN segmentation and ACL access control lists, to achieve network segmentation and isolation.

Lot 2 (LOT-0002):

Title: Lot 2 - Part 2

Description: Supply of computer sets and portable computers according to the description and requirements in the tender documents and their annexes. These end-user devices are the entry points for medical staff's daily work and access to hospital information systems. Their security and functionality directly impact the overall cybersecurity level and the digital experience of medical services.

Main CPV Code: 30213300 - Desktop computers, 30213100 - Portable computers

Additional CPV Code: 30231300 - Display monitors

Place of Performance: ul. Kraszewskiego 142, 33-380 Krynica-Zdrój, Poland, NUTS code: PL218 (Nowosądecki)

Estimated Duration: 3 months

EU Funding Information: The procedure is co-financed by Investment D1.1.2 from the National Recovery and Resilience Plan, as part of the Digitalisation and Cybersecurity Development project of the Krynica-Zdrój Hospital.

SME Applicability: Yes

Award Criteria:

Criterion 1 - Price: Name is CENA, weight is 60.00 points. Scoring formula is C = (Lowest Price / Evaluated Price) x 60.

Criterion 2 - Quality: Name is Audio function, weight is 10.00 points. Scoring criteria: 10 points for desktop computers providing a built-in chassis speaker with power of at least 2W.

Criterion 3 - Quality: Name is Optional disk service, weight is 10.00 points. Scoring criteria: 10 points for providing a service option guaranteeing that damaged data storage media is left on the premises of the procuring entity, applicable to disks in desktop and portable computers.

Criterion 4 - Quality: Name is Out-of-band technology, weight is 10.00 points. Scoring criteria: 10 points for desktop computers providing hardware remote monitoring and management technology built into the motherboard, operating independently of the operating system, and meeting the functional requirements specified in the description of the subject of procurement.

Criterion 5 - Quality: Name is Laptop service, weight is 10.00 points. Scoring criteria: 10 points for providing a warranty repair service option performed by a manufacturer-authorized service center at the device installation site, with a response time no later than the next business day, for portable computers.

Detailed End-User Device Requirements, Quantities, and Cybersecurity Relevance:

Desktop Computers (Quantity: 30 units): Provide 30 stable, secure and reliable desktop computers for daily work in hospital administration, outpatient and inpatient departments. Devices must support the latest Secure Boot technology and have built-in out-of-band management functionality, allowing the IT security team to remotely connect for troubleshooting, enforcement of security policies, and firmware-level security updates even when the operating system is unresponsive or the device is powered off, thereby ensuring endpoint compliance and manageability, and protecting against physical and remote attacks.

Portable Computers (Quantity: 15 units): Provide 15 lightweight and powerful laptops to meet the needs of medical staff for mobile work, ward rounds, remote consultations, etc. Devices must have built-in TPM security chips for encrypted storage of keys and credentials, ensuring data cannot be accessed illegally if the device is lost or stolen. Also, they must support modern authentication technologies, such as fingerprint recognition or infrared cameras, to enhance login security. Rapid-response on-site warranty service minimizes security risks and business disruption caused by endpoint failures.

Display Monitors (Quantity: 45 units): Provide 45 display monitors to be used with desktop computers and portable computers (via docking stations).

Disk Service Option: This service allows damaged hard disk drives or solid-state drives to remain on hospital premises for physical destruction by the hospital itself or handling according to internal security procedures. It is a key security measure to prevent the leakage of sensitive patient data due to device repair. This is an optional item, worth 10 points in the scoring criteria.

Lot 3 (LOT-0003):

Title: Lot 3 - Part 3

Description: Supply of database system licenses according to the description and requirements in the tender documents and their annexes. The database is the core of the hospital information system, storing vast amounts of patient diagnosis and treatment data, medical imaging information, and management data. Its security, reliability, and performance are crucial.

Main CPV Code: 48610000 - Database systems

Additional CPV Code: 72265000 - Software configuration services

Place of Performance: ul. Kraszewskiego 142, 33-380 Krynica-Zdrój, Poland, NUTS code: PL218 (Nowosądecki)

Estimated Duration: 14 days

EU Funding Information: The procurement project is not funded by EU funds.

SME Applicability: Yes

Award Criteria:

Criterion 1 - Price: Name is CENA, weight is 100.00 points. Scoring formula is Pi = C, C = (Lowest Price / Evaluated Price) x 100.

Detailed Database System Requirements, Quantities, and Cybersecurity Relevance:

Database Software License (Quantity: 1 set): Provide 1 set of stable, high-performance enterprise-level database management system software license (licensed per core or user, specifically meeting the hospital's current and future 3-5 year business needs) to support the hospital's core business systems, such as Hospital Information System (HIS), Laboratory Information System (LIS), and Picture Archiving and Communication System (PACS). The database software must have built-in robust security features, including but not limited to: fine-grained access control, transparent data encryption (data at rest and data in transit encryption), comprehensive audit logging, and security mechanisms to prevent common database attacks such as SQL injection.

Software Configuration Service (Quantity: 1 item): Provide 1 item of professional database software configuration service to ensure the database system is optimally configured according to best practices and the hospital's specific needs. Service content includes: installation and initial configuration, performance tuning, establishing high availability or backup/recovery strategies, and assisting in setting up security policies such as user permission assignment, encryption configuration, and audit rules, ensuring the database operates in a secure state from the outset of deployment.

Tender Document Requirements:

Preliminary Declaration: For preliminary confirmation of not being excluded and meeting the participation conditions, the tenderer must attach a Single European Procurement Document (SEPD), the template of which is Annex 2 to the tender documents. Furthermore, in accordance with points 5.3.2 and 5.3.4 of the tender documents, the tenderer must attach a declaration on the absence of grounds for exclusion, the template of which is Annex 3 to the tender documents. If the tenderer relies on the resources of another entity, that entity should submit a declaration, the template of which is Annex 6 to the tender documents. The procuring entity requires attaching evidence documents of the subject matter in accordance with point 3.3 of the tender documents.

Submission Upon Invitation: The procuring entity will invite the highest-scoring tenderer(s) to submit up-to-date entity evidence documents within a period specified as not less than 10 days, including: a list of completed supplies over the past 3 years with relevant proof, a list of assigned personnel, a declaration on capital group affiliation, certificates of no arrears from the tax office and social security institution, a declaration on the validity of the declared information, and relevant information from the National Criminal Register.

Appeal Body: Name is Krajowa Izba Odwoławcza (National Appeal Chamber), address is ul. Postępu 17a, 02-676 Warszawa, Poland, telephone is 22458 78 01, fax is 22 458 78 00, email is odwolania@uzp.gov.pl, website is https://www.uzp.gov.pl/kio.

Appeal Deadline: Within 10 days from the date of receiving information about the procuring entity's action constituting the basis for the appeal; regarding the content of the notice initiating the procurement procedure or the content of the procurement documents, within 10 days from the date of publication of the notice in the EU Official Journal or publication of the documents on the website; in other cases, within 10 days from the date of learning or should have learned the basis for the appeal. For detailed information, see Part Nine "Legal Remedies" of the Public Procurement Law.

Notice Change Information: This notice is an update to notice number 79708-2026, the main reason for change being information update. Notice identifier/version is 206acaa6-07e3-4f49-8aea-c46cc41c4e18 - 01, form type is competitive procedure, notice subtype is 16, notice dispatch date is 2026-02-27.