Building Cyber Resilient Healthcare: Strengthening the NHS in the Digital Age

27 February 2025
Credit: BT

The NHS faces unprecedented challenges in delivering care to an ageing population while combating the rising tide of cyber threats. As patient care depends more on digital systems, with data serving as its lifeblood, the stakes for safeguarding this infrastructure have never been higher.

This underscores the pivotal role cyber security plays in maintaining uninterrupted service delivery. Across the UK, in less than two years, eight in 10 healthcare providers experienced a security breach. Disrupting the flow of data can delay life-saving treatments and diagnoses, stall communication between staff, and compromise patient care – putting lives at risk and increasing stress.

So, what happens now? BT’s recent survey of NHS staff and the UK public provides key insights into the sentiment around cyber security in the NHS. These findings reveal growing concerns about data exposure, system resilience and priorities for a digitally secure healthcare system.

While awareness of cyber security risks is high, it’s undermined by insufficient preparation. Legacy systems may hinder the delivery of care, causing frustration, while most staff do not receive regular education on cyber security best practices.

Mapping NHS staff and UK public sentiments

The majority (60%) of the UK public are concerned that cyber attacks could disrupt or disable critical NHS systems. There’s growing public awareness of the importance of cyber security. More than half (57%) worry about attacks on the NHS, and 56% are concerned about patient data exposure. Clearly, cyber security is now a part of the public consciousness; people perceive the parallels between healthcare delivery and secure systems.

Despite these concerns, only 36% of NHS staff believe current measures are adequate to defend against attacks. Even though 94% understand their role in protecting against cyber threats, just 42% trust that existing systems are strong enough to protect sensitive patient data. This disconnect reveals a systemic issue, where healthcare professionals don’t feel sufficiently equipped with the tools or infrastructure to work effectively.

Why legacy systems hinder care

In turn, two-thirds (64%) of NHS staff report that patient data is isolated and inoperable due to outdated systems. These technological constraints undermine the ability of staff to provide care safely and efficiently, highlighting how legacy technology hampers collaboration and care. Investing in underlying technologies like connectivity and prioritising smart solutions that communicate effectively with each other will help reduce wait times and improve healthcare outcomes. This doesn’t have to mean ripping everything out and starting afresh: modernising existing technology and networks can be highly effective.

Worldwide, organisations invest at least 12% of IT budgets in cyber security. Across the NHS, 5% – less than half of the average – is standard, making the NHS more susceptible to attacks. However, the answer is not simply to spend more money; instead, spending more wisely should be prioritised. Inadequate preparation exacerbates the impact on patient care during breaches, adding unnecessary stress to staff. Funds must be directed towards solutions that address the NHS’s specific needs, such as advanced threat detection systems, secure communication platforms, and regular security audits.

Plugging training gaps with cyber security assessments

Education in cyber security is another significant gap across the NHS, even though awareness has grown. Despite a modest rise in training on new technologies (from 5% in our 2022 survey to 15% in 2024), training on both new and existing systems has fallen from 47% to 39%. Frontline staff report a lack of regular training, with 60% asking for more. This data implies that training is largely a one-off initiative rather than an ongoing effort, exacerbating risks and vulnerabilities. It’s easy to imagine sitting behind a screen and ticking a few boxes – but we must go beyond such a passive approach.

Building cyber resilience within the NHS requires a multi-pronged approach. First, the underlying infrastructure must be modernised. Technologies like software-defined networking provide a strong foundation, alongside control frameworks like the Data Security and Protection Toolkit (DSPT), Cyber Essentials, NHS’ ‘What Good Looks Like’, and National Cyber Services requirements.

Combined with cyber security assessments by trusted third parties like BT, this approach enables seamless communication and data sharing without compromising security. For example, a cyber security health check from BT’s Security Advisory Services helped the South West London Integrated Care Board better understand its cyber security posture, bring in key health requirements, and identify strengths and weaknesses.

Second, collaboration is key – success cannot be achieved in isolation. Partnering with leading minds across healthcare, policy, and business is needed. By building cyber resilience that truly meets the needs of the NHS, we can detect, defend, and deliver for everyone.

Finally, a cultural shift is needed to prioritise NHS cyber security at every level. This means embedding cyber resilience into the NHS’ ethos, from frontline clinicians to backend staff. It’s not enough to treat cyber security as an IT issue; it must be recognised as a core element of patient care. By fostering a collaborative culture, the NHS can ensure that systems, staff, and services can stave off cyber threats and protect patients.

Ultimately, the path to cyber resilience is not without its challenges. Still, the stakes are too high to ignore. The NHS depends on the uninterrupted delivery of healthcare services; data breaches or system failures can have serious consequences. By taking decisive action to modernise infrastructure, invest in training, and collaborate with partners, the NHS can strengthen its defences and safeguard its future.

Cyber resilience is not a fixed endpoint but instead a continuous journey. The digital landscape will continue to evolve, and so must the strategies to protect it. For the NHS to thrive in this digital age, it must embrace a proactive, forward-thinking approach to cyber security.

Clinicians are incredibly busy, constantly working hard for their patients. To provide meaningful support, we must value their time and provide a secure, uninterrupted place to work, alongside regular cyber training and assessments that encourage prevention rather than cure. This commitment will not only protect data and systems but also ensure that the NHS can continue to deliver high-quality care to those who rely on it most.

To learn more, read BT’s new eBook: ‘Building Cyber Resilient Healthcare: Strengthening the NHS to Safeguard Patients’.
