NHS England has selected IBM and Palo Alto Networks to partner on the NHS Secure Boundary service, offering AI-enabled cyber security and “future-ready” threat protection for the health system.
The service will establish a cloud-native cyber security platform featuring AI-driven threat detection and built-in web application firewall protection, according to IBM, to include support for mobile and remote users. It will grant centralised national threat intelligence and monitoring integrated with the NHS Cyber Security Operations Centre, with options for security policies to be customised locally.
As a centralised national service, it has the potential to remove the need for costly and compute-intensive local firewalls and “multiple overlapping security products”, IBM states, helping NHS organisations stay ahead of evolving cyber risks and safeguarding patient data. It also supports the move toward community-based care, IBM continues, by protecting sensitive information “in transit” and enabling staff to connect securely from any location.
IBM is to lead on the migration from the existing service, as well as onboarding and management, while Palo Alto Networks provides the cloud-based security tech behind the solution. Additional benefits shared by IBM cover local traffic decryption capabilities, and a user driven value-add catalogue to support tailoring to local needs.
“IBM is proud to support NHS England as it delivers the next generation of the Secure Boundary service,” said Rhodri Arrowsmith, managing partner at IBM Consulting UKI. “Protecting vital national services requires a modern, scalable, and intelligence-led approach. By bringing together IBM’s experience, the NHS’s vision, and Palo Alto Networks advanced AI-driven technology, we’re helping to build a strong cyber-resilient foundation that allows clinicians and staff to focus on what matters most: providing outstanding patient care.”
Wider trend: Cyber
HTN was joined by a panel including Ciara Moore, EPR operations director at Bath, Salisbury and Great Western Group, Stuart Cooney, CTO at Royal Berkshire NHS Foundation Trust, and Julian Wiggins, healthcare solution director at Rackspace Technology, for a discussion focusing on cloud adoption, AI maturity, and cyber resilience. Panellists explored how healthcare organisations are tackling delivery, legacy systems, and rising digital expectations, and what this means for future strategy and plans. We also looked at the fragmented cloud landscape, integration pressures, legacy infrastructure, AI, and the growing urgency around cyber resilience, finishing by asking where NHS leaders should prioritise investment and focus in 2026.
In a recent meeting, the NHS England board offered a series of updates around cyber resilience, single patient record, neighbourhood technology, the genomics programme, and 10-Year Plan acceleration programmes, citing “a number of concerns” that need to be addressed prior to investment commitments. NHSE reflected on slow progress toward its request for a national business continuity exercise around the event of a severe cyber attack, highlighting the importance of testing and planning for major failure scenarios with a focus on business operations and decision-making resilience, “rather than technical restoration”.
South West London ICB has shared an update on its current cyber assurance and details of system-wide cyber improvement activities, extending to progress around governance and promoting alignment with provider organisations. The update follows news that the ICB’s digital team has secured more than £1 million in funding from NHS England to support its delivery of the SWL Cyber Strategy in 2025/26. The ICB’s latest Cyber Security Strategy set out six objectives to be achieved by 2030: strengthening governance, managing risk, understanding critical systems and suppliers, prevention and resilience, detecting and responding to threats and incidents, and embedding cyber awareness and culture.
