Jump to content

Search the hub

Showing results for tags 'Cybersecurity'.

More search options

  • Search By Tags

    Start to type the tag you want to use, then select from the list.

  • Search By Author

Content Type


Forums

  • All
    • Commissioning, service provision and innovation in health and care
    • Coronavirus (COVID-19)
    • Culture
    • Digital health and care service provision
    • Improving patient safety
    • Investigations, risk management and legal issues
    • Leadership for patient safety
    • Organisations linked to patient safety (UK and beyond)
    • Patient engagement
    • Patient safety in health and care
    • Patient Safety Learning
    • Professionalising patient safety
    • Research, data and insight
    • Miscellaneous

Categories

  • Commissioning, service provision and innovation in health and care
    • Commissioning and funding patient safety
    • Health records and plans
    • Innovation programmes in health and care
    • Climate change/sustainability
  • Coronavirus (COVID-19)
    • Blogs
    • Data, research and statistics
    • Frontline insights during the pandemic
    • Good practice and useful resources
    • Guidance
    • Mental health
    • Exit strategies
    • Patient recovery
    • Questions around Government governance
  • Culture
    • Bullying and fear
    • Good practice
    • Occupational health and safety
    • Safety culture programmes
    • Second victim
    • Speak Up Guardians
    • Staff safety
    • Whistle blowing
  • Digital health and care service provision
    • Artificial Intelligence
    • Apps for health and care
    • Teleservices
    • Other health and care software
    • Digital health regulatory bodies/standards/guidance
  • Improving patient safety
    • Clinical governance and audits
    • Design for safety
    • Disasters averted/near misses
    • Equipment and facilities
    • Error traps
    • Health inequalities
    • Human factors (improving human performance in care delivery)
    • Improving systems of care
    • Implementation of improvements
    • International development and humanitarian
    • Patient Safety Alerts
    • Safety stories
    • Stories from the front line
    • Transformative Simulation
    • Workforce and resources
  • Investigations, risk management and legal issues
    • Investigations and complaints
    • Risk management and legal issues
  • Leadership for patient safety
    • Business case for patient safety
    • Boards
    • Clinical leadership
    • Exec teams
    • Inquiries
    • International reports
    • National/Governmental
    • Patient Safety Commissioner
    • Quality and safety reports
    • Techniques
    • Other
  • Organisations linked to patient safety (UK and beyond)
    • Government and ALB direction and guidance
    • International patient safety
    • Regulators and their regulations
  • Patient engagement
    • Consent and privacy
    • Harmed care patient pathways/post-incident pathways
    • How to engage for patient safety
    • Keeping patients safe
    • Patient-centred care
    • Patient Safety Partners
    • Patient stories
  • Patient safety in health and care
    • Care settings
    • Conditions
    • Diagnosis
    • High risk areas
    • Learning disabilities
    • Medication
    • Mental health
    • Men's health
    • Patient management
    • Social care
    • Transitions of care
    • Women's health
  • Patient Safety Learning
    • Patient Safety Learning documents
    • Patient Safety Standards
    • 2-minute Tuesdays
    • Patient Safety Learning Annual Conference 2019
    • Patient Safety Learning Annual Conference 2018
    • Patient Safety Learning Awards 2019
    • Patient Safety Learning Interviews
    • Patient Safety Learning webinars
  • Professionalising patient safety
    • Accreditation for patient safety
    • Competency framework
    • Medical students
    • Patient safety standards
    • Training & education
  • Research, data and insight
  • Miscellaneous

News

  • News

Find results in...

Find results that contain...


Date Created

  • Start
    End

Last updated

  • Start
    End

Filter by number of...

Joined

  • Start

    End

Group

First name

Last name

Country

About me

Organisation

Role

Found 104 results
  1. News Article
    The national patient data watchdog has said it will investigate how Palantir staff came to have access to identifiable patient data in the federated data platform, despite previous assurances that this would not be the case. In a statement published yesterday afternoon by the National Data Guardian (NDG), Nicola Byrne said the watchdog would “seek clarification” over why it was not previously informed that external contractors would be able to view identifiable patient data. Reports emerged last month that staff from companies working on the FDP, including Palantir, would be granted “unlimited access” to identifiable patient data through the National Data Integration Tenant environment. This is where NHS organisations will submit raw data before identifying features are removed or pseudonymised. In this week’s statement, Dr Byrne said there has been “subsequent confirmation from the [FDP] programme team that some external contractor staff also have access to identifiable patient information”. The NDG is an independent adviser to the government and the health service and has no statutory investigatory or enforcement powers. The watchdog said: “We need to be confident that the positions presented to us are accurate, consistent, and clearly reflected in public-facing transparency materials. We have also emphasised the need for timely engagement with the NDG whenever significant programme decisions change in ways that may affect public trust, as in this case.” Read full story (paywalled) Source: HSJ, 4 June 2026
  2. News Article
    A hospital provider has admitted that confidential patient information relating to almost 33,000 of its patients was stolen and shared on the dark web, two years after the cyberattack took place. Bedfordshire Hospitals Foundation Trust sent a notice to patients on Monday after being informed by pathology systems provider Synnovis that data relating to approximately 32,927 individuals was affected. The high-profile ransomware attack happened in June 2024, causing widespread disruption and shutting down IT systems. It primarily affected providers in south east London, which used the software for its pathology services. However, Bedfordshire FT has only now revealed to patients it was also affected, because the trust said a lengthy review had been required to establish precisely which data had been compromised. Historic tests carried out before November 2020 may have been affected, including names, dates of birth, patient numbers, NHS numbers, postcode, and test results going back nine years. The trust said files taken were not organised as a single database and were “highly unstructured, incomplete and fragmented”, and it had taken over a year of detailed analysis by specialist teams to reconstruct and understand what information was present, and which organisations it related to. As a result, personal data within the files is fragmented, incomplete, and dispersed across multiple documents, the trust said. Bedfordshire FT said Synnovis “provided essential services to us” and that during the attack, criminals “unlawfully accessed internal systems and extracted a set of files, which were later published on online forums known for sharing stolen data”. Read full story (paywalled) Source: HSJ, 2 June 2026
  3. News Article
    NHS England is restricting access to open source code after researchers found the Mythos AI model could expose “pretty severe” vulnerabilities in commonly used software. NHSE issued guidance on 29 April stating that all open source repositories be made private by default by 11 May due to security concerns. HSJ understands the guidance was issued after NHS England was informed by a group of researchers with access to Mythos that the AI model could detect and expose vulnerabilities in open source software used across the NHS. However, one of the researchers who discovered the vulnerabilities said restricting access to open-source code “will not improve security”. Vlad-Stefan Harbuz is the executive director of the Software Stewardship Lab, a non-profit organisation that aims to protect open source technology by identifying threats and producing software and research to mitigate them. Mr Harbuz alerted NHSE after the Software Stewardship Lab was given advance access to the Mythos software and found vulnerabilities in open source NHS software. He said the vulnerabilities were “not unique to the NHS” but that “NHS services used by the public could be seriously affected” if they were exploited. Read full story (paywalled) Source: HSJ, 6 May 2026
  4. News Article
    Medical information of 500,000 participants of one of the UK's landmark scientific programmes, UK Biobank, were offered for sale online in China, the government has confirmed. Technology minister Ian Murray said information of all members of the database was found listed for sale on the website Alibaba. Murray told MPs the charity which runs UK Biobank had told the government about the breach on Monday. He said the information did not include names, addresses, contact details or telephone numbers. However he said it could include gender, age, month and year of birth, socioeconomic status, lifestyle habits, and measures from biological samples. The Biobank is a collection of health data offered by volunteers which has been used to help improvements in detection and treatment of dementia, some cancers and Parkinson's. It has collected intimate details - including whole body scans, DNA sequences and their medical records - from hundreds of thousands of volunteers for over two decades. The project has led to more than 18,000 scientific publications. Participants were aged from 40 to 69 when they were recruited between 2006 and 2010. "We understand that the existence of these listings, even temporarily, will be concerning to you," Chief Executive Professor Sir Rory Collins said in a message to participants, external. "We want to reassure you that all the data are de-identified; they do not contain any personally identifying information (such as names, addresses, dates of birth, and NHS numbers)." Read full story Source: BBC News, 23 April 2026
  5. Content Article
    The King’s College London Cyber Security Research Group has published a white paper, Building NHS Resilience to Ransomware: Central Oversight and Shared Capability. The paper identifies ransomware as the most acute cyber threat facing NHS Trusts. This is driven not only by the nature of the threat itself, but by inconsistent implementation of established security controls and uneven governance maturity across organisations. The report finds that the primary constraint is often cultural rather than technical or financial. While the NHS has a strong patient safety culture, this has not yet fully extended to digital systems and third-party dependencies. As a result, cyber risk is still too often treated as an IT or procurement issue, rather than as a direct risk to service continuity, public trust, and patient safety. The paper proposes a Cyber Leadership Framework centred on Board-level ownership and empowered CIO or CISO leadership. It emphasises the need to connect technical controls with the operational realities of care delivery. It also argues for greater centralisation of core cyber capabilities and shared services to reduce fragmentation and support weaker Trusts in reaching consistent standards. The report highlights the importance of organisational culture alongside technical capability. This includes leadership tone, clear accountability, translating cyber risk into operational terms, and moving beyond compliance towards demonstrable resilience in care delivery. Ultimately, the paper argues that the future digital legitimacy of the NHS will depend not only on improved tools, but on embedding cyber resilience within the culture of safe care. Former Health Secretary Alan Milburn welcomed the report, noting in particular its focus on governance and cultural change as key to reducing risk, rather than relying solely on increased resources.
  6. News Article
    Trust chief executives should face stronger “personal consequences” if their organisation’s cyber security fails, according to a senior government figure. Alan Milburn, who is the Department of Health and Social Care’s lead non-executive director, today endorsed a report that said there was “insufficient accountability or personal consequences for senior executives who fail to fulfil their responsibilities to ensure a minimum level of cyber security and resilience”. King’s College London published the report on “building NHS resilience to ransomware”, calling for a new “cyber leadership framework” for the NHS. The report acknowledges that resources for cyber security in the NHS are meagre, unevenly distributed and not centrally tracked. But it says that, despite this, cultural changes could make it more resilient. It recommends more centralised and consistent standards – to be enforced by regulators – and adding a cyber security rating to existing NHS England provider league table rankings. In a foreword to the report, Mr Milburn argues: “We need to reduce the risk, especially as we press forward with better leveraging patient data and AI. “I very much welcome… the focus on how governance and cultural fixes can reduce the risk – rather than simply throwing more resources at the problem. There are few, if any, areas where achieving clarity of accountability and consistency matters more than in cyber security and resilience.” Read full story (paywalled) Source: HSJ, 31 March 2026
  7. Content Article
    Most health systems and hospitals have older medical devices that they have used for years, and some of those devices can pose risks to their cybersecurity. Dr. Marcus Schabacker, president and CEO of ECRI, talked with Chief Healthcare Executive about the problems arising from legacy medical devices.
  8. Content Article
    If hospitals lose access to their computers, patient safety can be compromised, Dr. Marcus Schabacker says. Schabacker is the president and CEO of ECRI, an organisation focused on improving patient safety. The group recently released its annual list of the 10 biggest threats to patient safety, and ECRI placed “digital darkness” events right near the top. Outages of computer systems ranked second, trailing only the misuse of chatbots in medicine. Hundreds of health systems have endured cyberattacks that have disrupted their systems and forced hospitals to work without key computer systems for a significant amount of time. But Schabacker tells Chief Healthcare Executive that the threats go beyond organisations being hacked.
  9. Event
    The Safety 360° Summit is a curated, high-level event that for the first time brings together senior European leaders from diverse risk domains in a cross-industry dialogue on the central safety challenges of our time. Cyberattacks, AI-driven disinformation, rising geopolitical tensions, and societal polarisation simultaneously shape today’s landscape of safety and risk – yet they are still largely addressed in isolation within industry-specific silos. The Safety 360° Summit transforms this fragmentation into a shared strategic dialogue, laying the foundation for more effective responses to the central safety challenges of our time. Register
  10. Content Article
    In this article for Health Tech World, Chris Hamilton and Mike Drew explain why cyber security leadership is now paramount for most healthcare providers.
  11. News Article
    Personal patient and staff information has been posted on the dark web after hackers exploited a software vulnerability at Barts Health NHS Trust. The criminal group, known as Cl0p, stole files from the trust’s database in August 2025, including names, addresses, and invoices of patients and staff who had paid for treatment or services over several years. It also included files relating to accounting services provided since April 2024 to Barking, Havering and Redbridge University Hospitals NHS Trust. In a statement, Barts Health said that its electronic patient record and clinical systems have not been affected by the attack and it is “confident” that its core IT infrastructure is secure. Read full article. Source: Digital Health, 9 December 2025
  12. Content Article
    In this Q&A article on Medical Xpress, author Susanne Clara Bard says innovation can make health care systems vulnerable to sophisticated cyberattacks, threatening not only data, but patient lives. From pacemakers to patient portals, modern health care systems are increasingly reliant on connected technologies.
  13. News Article
    Cyberattacks keep crippling NHS services not due to missing technology, but predictable board-level governance failures that leave known vulnerabilities unaddressed The Synnovis ransomware attack in June 2024 cancelled 10,000 appointments and forced hospitals to rely on manual blood-test processing for weeks – cost: £32.7m. Seven years earlier, WannaCry paralysed 80 NHS trusts – cost: £92m. Read full story (paywalled) Source: HSJ, 21 November 2025
  14. News Article
    The NHS’s head of cyber security has said the service can be more transparent about attacks that affect the service. NHS England director of national cyber security operations Mike Fell told a conference last week that NHS cyber security teams felt they were in an “echo chamber” and that the issue was not taken seriously enough by clinicians. Speaking at the Healthcare Excellence Through Technology event last week, Mr Fell said he was surprised by the lack of buy-in to the issue from clinicians. He said the risk posed to patient safety should be “a really easy sell to professionals who have taken the Hippocratic oath”, and that specialist cyber teams had “hard questions to ask ourselves” about why this hadn’t happened. Last year, a patient at King’s College Hospital died after a cyber attack on the trust’s pathology provider Synnovis meant their blood test results were slow to be processed. Hospital trusts in the North West reported a £3m cost after an attack in 2024 and a medical devices company supplying half of England’s local authorities tipped into insolvency after a cyber attack. A Scottish health board also had its data compromised last year. Mr Fell added: “We don’t have enough ownership of doctors and business owners seeing it as part of their world.” Read full story (paywalled) Source: HSJ, 13 October 2025
  15. Content Article
    In February 2024, Change Healthcare, a data processing firm, was the target of a cyberattack by the ransomware group ALPHV Black Cat. An active ransomware operation, ALPHV Black Cat is thought to also be behind a 2021 attack on Colonial Pipeline that disrupted the nationwide fuel supply chain. In the wake of the attack on Change Healthcare, hundreds of thousands of healthcare organisation were unable to submit claims or receive payments. With the weeks-long paralysis and ponderous shift to alternative protocols, many facilities found themselves unable to deliver care and facing financial collapse. This article in JAMA Health Forum looks at what healthcare organisations can learn from the incident to protect against future ransomware attacks and mitigate their impact.
  16. News Article
    Sensitive patient information has allegedly been leaked on the dark web after Genea, one of Australia’s leading IVF and fertility services providers, was hacked a fortnight ago. The attack was allegedly carried out by the Termite ransomware group, prompting Genea to obtain a court injunction on Wednesday that criminalises access to the breached patient data. In a statement, Genea said: “Our ongoing investigation has established that on the 26 of February, data taken from our systems appears to have been published externally by the threat actor.” “We understand that this development may be concerning for our patients for which we unreservedly apologise.” Sensitive information including contact details, Medicare card numbers, medical histories, test results and medications may have been compromised in the data breach, Genea said, and it was “working to understand precisely what data has been published”. Read full story Source: the Guardian, 26 February 2025
  17. News Article
    A major private provider of NHS services has been hit by a cyber attack, taking down its network and potentially breaching patient data. HCRG Care Group, which was formerly Virgin Care, confirmed it was looking into claims made by a ransomware group that more than two terabytes of sensitive information had been breached. HCRG provides community services for the NHS in Kent, Surrey and Bath, North East Somerset, Swindon and Wiltshire. An HCRG spokesperson said: “We can confirm that we are currently investigating an IT security incident and have recently identified a post on the dark web by a group claiming responsibility. Our team has not observed any suspicious activity since the implementation of immediate containment measures, and we are working with external forensic specialists to investigate the incident. ”We have informed the [Information Commissioner] and regulators and are keeping them updated on our investigation. Our services are continuing to operate and safely see patients, and those with appointments or who need to access our services should continue to do so.” Read full story (paywalled) Source: HSJ, 20 February 2025
  18. News Article
    Two recent cyber attacks that cost the NHS millions of pounds and led to patients’ data being published online could have been mitigated with basic security measures, an integrated care board has found. Wirral University Teaching Hospitals Foundation Trust was hit by a “targeted” cyber attack in November, which lasted about nine days, then three other trusts in Merseyside were hit in early December in an unconnected incident. WUTH was forced to take its Cerner electronic patient record system offline, while some activity was either cancelled or rescheduled, which the trust has confirmed amounted to a loss of around £3m. A report to its board said its cancer performance “will take months to recover”. In an update to ICB executives, chief digital information officer John Llewellyn said: “The incidents above may have been mitigated if core cyber security standards had been adhered to… There are still significant gaps in compliance with basic security standards in multiple organisations which, in turn, lead to vulnerabilities for all organisations because of the interconnected/cross organisational patient flows, clinical services (such as pathology and imaging) and supporting digital infrastructure and clinical systems. “These are just examples, however, and there are many other technical aspects to cyber risk that need to be shared, understood and proactively managed in order to manage and mitigate these as effectively as possible.” Read full story (paywalled) Source: HSJ, 6 February 2025
  19. News Article
    A cyber attack has forced a US non-profit blood donor centre to postpone appointments despite declaring blood shortages just one week earlier. New York Blood Center Enterprises announced that it had “identified suspicious activity” affecting its IT systems on on 26 January 2025. In a statement, published on 29 January, it said: “We immediately engaged third-party cybersecurity experts to investigate and confirmed that the suspicious activity is a result of a ransomware incident. “We took immediate steps to help contain the threat and are working diligently with these experts to restore our systems as quickly and as safely as possible. Law enforcement has been notified.” On 1 February and 2 February 17 blood drives were cancelled as a result of the cyber attack. The centre, which is the largest independent blood supplier in the New York City area, confirmed that although it is still accepting blood donations, “processing times may be longer than normal”. There is no estimated timetable for fully restoring its operations. The attack echoes the ransomware attack on NHS pathology provider Synnovis in June 2024, which led to NHS Blood and Transplant urgently calling for donations of O Positive and O Negative blood to boost stocks. Read full story Source: Digital Health, 3 February 2025
  20. News Article
    The European Commission has introduced an action plan to strengthen the cybersecurity of hospitals and healthcare providers across the European Union (EU). The initiative includes creating a pan-European Cybersecurity Support Centre, managed by the European Network and Information Security Agency, to address the rising number of cyber threats targeting healthcare institutions. In 2023 alone, 309 significant incidents were reported in healthcare, more than in any other critical sector. “The healthcare sector faces the highest proportion of high-impact cybersecurity incidents,” Robin van Kessel, PhD, a Hoffmann fellow in health system financing and payment models at the London School of Economics, London, United Kingdom, and the World Economic Forum, told Medscape Medical News. This disproportionate impact reflects the fact that healthcare organisations store a large amount of sensitive patient data, including medical histories, diagnoses, and treatment information. Cyberattacks on healthcare systems can disrupt critical medical services, thus causing potentially severe consequences for patient care and safety. Read full story Source: Medscape Medical News, 27 January 2025
  21. Event
    This webinar will have an emphasis on the role of local Healthwatch organisations and it will provide practical guidance on how Healthwatch can safeguard patient data, adhere to regulations, and ensure trust in healthcare services. It will be looking at: Importance of cybersecurity and data protection Role of local Healthwatch in data and cyber protection Cybersecurity threats in healthcare Best practices for data security Legal framework for data protection Collaboration with healthcare providers Who can attend? This joint event with Healthwatch England is designed for adult health and social care providers in England and are aimed at people who make decisions about the use of technology in care services. For Healthwatch staff who support this sector. This might also include: Owners Registered Managers Nurses Senior Care Staff Domiciliary Care Administrators IT Professionals Quality & Compliance Leads Register
  22. Event
    until
    Join a conversation with industry experts on cyber risk, response and claims. With increasing and high profile cyber-attacks on both health and care organisations we discuss the issues that organisations face, what can be done prevent and minimise attacks, what to do if your organisation falls victim to an attack and the steps that should be taken to minimise the impact on your organisation which can far ranging in terms of patient safety, work force, and finance. Your panel of expert speakers: Richard Hearn - Divisional Director, Howden Dave Allen - CEO, Cysiam Vicki Bowles - Partner, Bevan Brittan Julie Charlton - Partner, Bevan Brittan Register
  23. Content Article
    The number of cyberattacks and information system breaches in healthcare has grown steadily, escalating from isolated incidents to widespread targeted and malicious attacks. In 2022, 707 data breeches occurred in the US, exposing more than 51.9 million patient records, according to data from the Department of Health and Human Services (DHHS).  To help healthcare organisations address this growing patient safety concern, The Joint Commission has issued this Sentinel Event Alert that focuses on risks associated with cyberattacks and provides recommendations on how healthcare organizations can prepare to deliver safe patient care in the event of a cyberattack. 
  24. Content Article
    In May 2021, the Irish public health service was the target of a cyber-attack. The response by the health service resulted in the widespread removal of access to ICT systems. While services including radiology, diagnostics, maternity and oncology were prioritised for reinstatement, recovery efforts continued for over four months. This study describes the response of health service staff to the loss of ICT systems and the risk mitigation measures introduced to safely continue health services. It also explores the resilience displayed by frontline staff whose rapid and innovative response ensured continuity of safe patient care.
  25. News Article
    Two ambulance trusts have been left without a working electronic patient care record system for a week after a cyber attack affecting its Swedish-based supplier. Staff at South Western Ambulance Service Foundation Trust and South Central Ambulance Service FT have been working on paper since the MobiMed system – supplied by the firm Ortivus – went down last Tuesday. More than 1,700 ambulances and clinical workstations use the system, according to the company. One employee told HSJ some staff were struggling with a paper-based system which meant they had less information on patients. ”We can’t do summary care record searches or see previous call information,” the staff member said. SWASFT sent a message to staff on Friday saying the system was likely to be down “for a prolonged period”. Read full story (paywalled) Source: HSJ, 25 July 2023

© 2026 Patient Safety Learning. All rights reserved.

Patient Safety Learning is registered as a charity with the Charity Commission Registration number 1180689.

×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.