Birmingham Group Healthcare NHS Basis Belief (BCHC) has flagged potential vulnerabilities that might result in a cyber assault.
The belief’s board paper, revealed on 5 June 2025, states that “there’s a danger of a cyber safety incident (examples malware/virus, ransomware and adware) because of an uncovered vulnerability because of working programs and software program being unpatched and never on the present anticipated degree of safety and compliance”.
This might “result in the lack of programs and knowledge, resulting in an info governance breach, lack of service and reputational injury,” it provides.
The belief additionally admits that it “could not have the required abilities, data, infrastructure and cyber safety as we improve our reliance on digital expertise which can affect out skill to ship providers all through the belief”.
In the course of the board assembly, Chris Holt, chief transformation officer on the belief, mentioned this danger was “broad in scope and that in addition to the growing cyber safety risk, it thought of the growing reliance on expertise and the potential affect of outages”.
Chichi Abraham-Igwe, non-executive director, concurred that attainable lack of abilities, data, infrastructure and cyber safety was “a big space of danger for the belief”.
Within the board paper it lists a number of the present gaps in controls for the belief, together with restricted assets within the cyber crew, growing variety of cyber threats being launched, {hardware} in use that wants changing, and a listing of customers in particular teams with authorised entry to software program which must be reviewed.
The belief nonetheless has highlighted inside the paper the controls that are actually in place to assist shield the organisation from being liable to a cyber assault.
These embody having a crew in place who’ve accountability for cyber with a devoted lead, a third-party firm who’s chargeable for cyber monitoring the place they handle the firewall and any potential assaults, and annual knowledge safety coaching in place for all BCHC workers.
Shafiq Khalifa, deputy director of digital providers at BCHC, informed Digital Well being Information: “We take cyber safety very severely, and is paramount to our organisation. It’s on the forefront of all the pieces we do.
“We’ve got carried out sturdy safety measures, together with common updates and steady monitoring, to make sure our programs stay safe and compliant.
“Our constructive publicity rating is a testomony to our unwavering dedication to cyber safety, and we’ve got complete plans in place to keep up this excessive customary.”
In February 2025, for the chance of a cyber safety incident, BCHC’s publicity rating was 55, earlier than dropping to 44 in March after which 20 in April, which “demonstrates that we now have this danger below management”, the board paper states.
In the meantime, King’s School Hospital NHS Basis has confirmed {that a} affected person demise has been linked to the cyber assault on NHS pathology system supplier Synnovis.
The ransomware assault on 4 June 2024 brought about widespread disruption to NHS providers in London, with 10,152 acute outpatient appointments and 1,710 elective procedures postponed at King’s School Hospital NHS FT and Man’s and St Thomas’ NHS FT.
