News, NHS trust

Lincolnshire Community and Hospitals Group board focuses on cyber landscape and resilience

Lincolnshire Community and Hospitals Group board recently discussed its cyber landscape, increased operational complexity, plans for cyber resilience, and a pilot for managed security operations.

The group acknowledges operating in an increasingly complex cyber security environment, noting progress in strengthening cyber resilience, including work following the transition from AGEM CSU to an internally hosted digital service model, with investment in secure infrastructure and improvements made to backup capability. The group’s expanded role for the wider Lincolnshire system has led to increased operational complexity, with a number of legacy systems and interconnected services, and “particular complexity” in acute settings, it notes.

Identity and access control is strong, according to the board, especially for remote and privileged access, where multi factor authentication is in place. Work is ongoing to improve the management of inactive accounts and access inheritance, and to explore opportunities to reduce reliance on managers or colleagues to notify digital services of changes required to permissions, using automations or integrations with HR workflows. Vulnerability management and backup arrangements are also described as robust. A 12-month proof of concept is underway using a managed security operations centre partner to offer 24/7 coverage and centralised alerting, the group continues.

On meeting national requirements for cyber resilience, the board sets out planned actions and areas of focus, including the identification of the group chief integration officer/deputy CEO as accountable officer, the development of a set of managed digital risks with regular review, work toward reducing tech complexity and removing legacy systems, and collaboration with system partners to standardise infrastructure and tech solutions.

Business continuity is the “most critical residual risk”, LCHG notes, with actions being taken to mitigate this, such as structured testing and timing to support key system recoveries, and engagement in care group and corporate team risk reviews to develop awareness based on real-world learning. The group will prioritise large transformational programmes to significantly reduce the number of systems and outdated software, and the modernisation of infrastructure across Lincolnshire to increase capabilities to manage risk.

Microsoft Defender for Endpoint reports that more than 99.5 percent of computers have Defender antivirus installed with daily antivirus updates, the group shares. Server exposure has continued to reduce due to patching, and client exposure has improved “significantly” although vulnerabilities remain in particular with the use of third-party products.

Phishing threats are continuing to increase, and the group plans to pilot a new national secure gateway service with community to offer the same level of capability as in acute services, with a view to ultimately replacing the locally provided solution and integrating with wider NHSE central cyber capabilities. Cyber awareness training campaigns will shortly be launched through MetaCompliance, initially focusing on acute colleagues, and expanding to community or system partners over 2026/27.

Wider trend: Cyber 

For a recent HTN Now webinar, we were joined by digital leaders from across the health sector for a deep dive into cyber security in healthcare, exploring strategic challenges, preparedness, recovery, and how best to embed resilience into clinical, technical, and governance frameworks. Making up our panel were Nasser Arif, cyber security manager at London North West University Healthcare NHS Trust and Hillingdon Hospitals NHS Foundation Trust; Lee Rickles, CIO at Humber Teaching NHS Foundation Trust; and Andy Wilcox, Imprivata’s senior product marketing manager.

A separate panel discussion focused on the topic of clinical continuity and cyber resilience, with HTN joined by experts from across the health sector, including Alan Simpson, CISO at Rapid7; Stuart Cooney, CTO at Royal Berkshire NHS Foundation Trust; and John Mitchell, assistant director of digital at Humber and North Yorkshire ICB. Our panel considered the evolving threat landscape, current capabilities, emerging technologies, and best practices for ensuring resilience both now and in the future.

The board of NHS England has ranked a cyber incident higher on its organisational risk registers than a pandemic, following an assessment of mitigations and preparedness already in place, likelihood, and impact. The cyber risk target score has been set at 16 by 2030, which NHSE claims offers closer alignment with the cyber strategy lifecycle, whilst remaining “above appetite” due to persistent external threat levels, “variable sector maturity”, and a reliance on supplier assurance and recovery planning. A simulation exercise is scheduled to take place in July with a small sample of NHS organisations, to help evaluate resilience to a cyber event, looking at ability to maintain critical services and coordinate a national response during a prolonged period of disruption.