Barnsley Hospital NHS Foundation Trust’s annual cyber security report has shared insights into recent upgrades and assurance, in line with recommendations from external parties and professional bodies.
Over the last year, the trust has upgraded its backup solution to provide a “digital air gap”, replaced its antivirus/malware and device control solution, upgraded its server antivirus solution, and completed whole system upgrades for radiology and pathology systems.
An annual cyber security penetration test has also been completed using individuals who are “leaders in hacking technology” to provide recommendations on areas for improvement, and the board underwent NCSC assured board cyber security training in July. Work is continuing with suppliers to move toward fully supported and patched operating systems and firewalls.
The trust has shared a series of communications and education for staff on the consequences of accidental actions that lead to the sharing of information or the incapacity of trust technology, including a “Stay Secure with Stacey Cure” education campaign and a staff phishing quiz.
Technology solutions have also been employed to ensure organisation servers and computers are kept up-to-date with the latest antivirus and malware defences, and firewalls have been replaced with CareCERT and National Cyber Centre certified solutions from CISCO. Full end point protection of devices is in place to recognise and combat threats, updated daily to protect against malware on devices or email, blocking ports and stopping staff or guests copying information onto removable storage devices.
Earlier this year, BHNFT’s annual report highlighted the impact of digital investments such as digital clinic notes and ED documentation on patient experience and clinical care. The trust shared that investments made in digital technologies in 2024/25 have supported it in sending 64,000 letters per month digitally to patients and partners, delivering up to 25 percent of its total appointments virtually, creating 910,000 digital healthcare documents as part of its paper to digital programme, and scanning 97 million pages of clinical paper notes. Over 50,000 Careflow Connect digital handovers per month are carried out, it continues, and staff have also been supported in working from home, with 427 members of staff working from home on a single day during 2024.
Each of these implementations was accompanied by engagement and support, according to the trust, with delivery groups set up to conduct needs analysis and carry out appropriate training, and other modes of support ranging from videos to competency tests, and floor walking to drop-in sessions. Staff have been enabled to use their own mobile and home technology securely, it adds, whilst plans for the coming year include digital inclusion sessions and the introduction of tech such as speech recognition, AI, and ambient voice to help minimise admin time and increase staff time to care.
Wider trend: NHS cyber security
In a recent panel discussion, we were joined by experts from across the health and care sector to explore different approaches to cyber security and how to overcome the main challenges involved with making healthcare organisations more secure. We also looked at practical steps that can be taken to help with staff awareness and training, along with short-term priorities and what the future might look like. As part of the discussion, we were joined by Keltie Jamieson, the CIO at Bermuda Hospitals Board, Nasser Arif, cyber security manager at London Northwest Healthcare NHS Trust and Hillingdon Hospitals NHS Foundation Trust and Ryan Pullen, director of Stripe OLT Consulting.
Guidance from NHS England has outlined ways non-executive directors can contribute to keeping their organisation safe from cyber attack, with Jamie Saunders, non-executive chair of the NHS England Cyber Security Risk Committee, noting, “boards throughout the NHS have a key role to play in safeguarding patients from this risk.” The aim is to provide a resource to support, understand and deal with cyber security risks, and how external assessments provide insights, along with what questions to ask yourself, the board, and the questions the board should ask.
A digital update shared in Black Country Healthcare’s September board meeting has outlined progress made around digital objectives, reflections from the trust’s digital maturity assessment, cyber security, and current uses of emerging tech including AI and ambient voice. Over the last quarter, Black Country Healthcare reports experiencing “a four-fold increase” in attempted cyber breaches, sharing network defence metrics showing 1,236 malicious attempts blocked, 1,684 detected, with 73 percent blocked at the perimeter. “Stringent” patch management and access control processes are in place, and cyber security awareness is embedded within staff training, with the trust engaging in exercises to support staff in spotting malware threats and maintaining responsible credential management.
