We all rely on the UK’s health services, from booking a GP appointment and collecting prescriptions, to receiving life‑saving treatment in hospitals.
These services increasingly depend on digital systems to operate safely and effectively. When it works well, patients rarely notice it. Behind the scenes, healthcare depends on interconnected IT systems and supply chains. Securing the NHS is particularly challenging because it spans a vast collection of legacy and modern technologies, numerous suppliers and critical services, where even small vulnerabilities can have system‑wide consequences for patient care. Issues in one area can have wide-reaching consequences across many other organisations, disrupting services far beyond a single provider.
Recent cyber incidents have shown that attacks on healthcare do not just affect systems or data. They can delay tests, disrupt care, and put pressure on frontline staff. For example, in June 2024, a ransomware attack on Synnovis, a key NHS pathology provider, led to postponed tests and procedures across multiple hospitals and GP practices.
Incidents like this show that cyber resilience is linked to patient safety and why the health sector is a priority for the NCSC. But cyber resilience in healthcare cannot be achieved by individual organisations working alone. It depends on shared responsibility, strong partnerships and practical collaboration across the NHS, government, and industry.
Building on the national and local preparedness and resilience work undertaken by the NHS over the last decade, collaboration between organisations working across the health sector has deepened over the past 18 months. By working together, we are reducing cyber risk, improving detection, and helping to keep vital services running. This has included:
