Data chief raises concern about future of NHSE cyber security team

Guys’ and St Thomas’ NHS Foundation Trust’s digital chief has called on the government not to scrap the NHS England cyber security team during its top-down reorganisation. 

The trust was severely affected by the ransomware attack on NHS pathology provider Synnovis in June 2024, which led to 10,152 acute outpatient appointments and 1,710 elective procedures being postponed.

Synnovis, which is responsible for pathology services across south east London, is a collaboration between Guy’s and St Thomas’, King’s College Hospital NHS FT and SYNLAB.

Speaking at Digital Health Rewired 2025 on 18 March 2025, Denis Lafitte, chief digital information officer at Guys’ and St Thomas’, said the government’s announcement about abolishing NHSE is “very worrying”.

“I think everybody has a view on what the new future structure should be – what should be less or not in there.

“But the cyber security team from NHSE has been absolutely life saving for us in this incident.

“We don’t have cyber security experts in our IT department.

“Having NHSE, who are part of the NHS, there to help us the minute the incident was declared was absolutely invaluable.

“All the monitoring that is done day-to-day by NHSE and the alerts – that’s something that absolutely needs to remain in the changes moving forward.

“I can’t tell you who is going to make the decision, but I’ll be happy to tell them to please keep that support from NHSE – it’s vital for the trusts and frontline staff,” Lafitte said.

Speaking in the same session on lessons learned from the cyber incident in south east London, Dr Susan Robinson, pathology lead, clinical director, haematologist at Guys’ and St Thomas’, said that all pathology order, processing, testing and resulting systems, including transfusion were impacted by the cyber attack.

This resulted in the trust not having visibility of historical blood groups to confirm ABO group, historical antibody screens, extended phenotypes and patient special requirements.

“There was a real sense of a limit, with regard to the resilience of large scale failings in pathology and transfusion services and the ability to respond at speed to resolve things,” Robinson said.

Lafitte said that they did not know the exact vulnerability that had been exploited, because the cyber criminals had erased all logs and evidence of how they got into the system.

“What has been done is a complete build of a new infrastructure from scratch to make sure we don’t carry on with this vulnerability.

“Everything was reinstalled – completely different architecture, completely different software, completely different everything.

“Everything has changed because we didn’t know for sure what has happened.

“That was the only mitigation that could be put in place,” Lafitte said.

Following the attack, Guys’ and St Thomas’ is focusing on offboarding potentially insecure legacy systems and email infrastructure and migrating to secure NHSmail services.

It has introduced processes to ensure security of its new digital solutions, including AI solutions and medical devices.

The trust is also focusing on increasing awareness of cyber security throughout its supply chain and has implemented cyber risk management and monitoring processes.

Digital Health News contacted NHSE and the Department of Health and Social Care for comment.