Sign up to save your podcasts
Or
Share NHS Cybersecurity Crisis: Who is Actually Protecting Your Medical Records?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
NHS Cybersecurity Crisis: Who is Actually Protecting Your Medical Records?
Welcome to Razorwire, where we examine the realities facing cybersecurity professionals on the front lines of digital defence.
In this episode, I am joined by Rob Priest, a former NHS insider with 24 years of experience, and returning co-host Richard Cassidy to expose the cybersecurity crisis gripping Britain's healthcare system. From WannaCry's devastating impact to recent ransomware attacks on children's hospitals, our experts reveal why the NHS remains a prime target for cybercriminals despite years of warnings and government promises.
Rob shares insights from his transition from running around hospital corridors with paper records to witnessing sophisticated nation-state attacks that can cripple entire trust networks for months. Richard brings his unique perspective as both a cybersecurity professional and working paramedic who experienced firsthand how cyber attacks paralyse emergency services when systems go dark.
Whether you're a healthcare professional worried about patient safety, a cybersecurity expert trying to understand why healthcare remains so vulnerable, or a concerned citizen wondering why your medical data isn't better protected, this conversation cuts through the political rhetoric to examine what's actually happening behind NHS firewalls.
Tune in for an unvarnished look at legacy systems running on Windows 95, the shortage of qualified CISOs across 213 NHS trusts and why the government's latest cybersecurity mandates might create more problems than they solve.
Listen in for:
- The Hidden Fallout of Cyber Attacks on Patient Care - Understand the cascading impact that ransomware and outages have, not just on IT, but on clinicians, paramedics and everyday patient outcomes. Rob shares first-hand accounts of real NHS incidents and why cyber breaches are, at their core, clinical emergencies.
- Why Legacy Tech and Fragmented Leadership Leave Us Exposed - Hear why outdated, unsupported systems and a chronic lack of cyber leadership make true resilience so tough in large NHS trusts. We unpack the disconnect between government strategy, local implementation and real world risk.
- Practical Steps (and Missed Opportunities) for NHS Cyber Resilience - Explore what actually works, from playbooks and clinical 'huddles' to the role of centralised threat intelligence - and where policy too often lags behind reality. If you want to know how to prioritise resilience amid chronic uncertainty, this episode is essential listening.
Get ready for a grounded discussion that blends expert perspective with genuine NHS war stories - plus candid thoughts on what really needs to change.
On learning from cyber incidents before they happen:
"Organisations that understand the impacts of events the best are the ones that have actually gone through it. My question is: does that have to be the case?"
Rob Priest, Rubrik
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
In this episode, we covered the following topics:
- Understanding Escalating Cyber Threats to the NHS - Learn how nation-state actors and cybercriminals are targeting NHS organisations through supply chain weaknesses and vulnerable digital infrastructure.
- Recognising Legacy Technology and Technical Debt Challenges - Discover why outdated IT systems and unsupported medical devices create persistent security challenges and make patching complex and risky.
- Assessing the Impact on Patient Care and Clinical Operations - Understand how cyber incidents lead directly to care disruptions, cancelled appointments and patient safety risks when systems become unavailable.
- Identifying Supply Chain Vulnerabilities - Learn about the risks from third party vendors and service providers that expose NHS trusts to breaches originating beyond their direct control.
- Recognising Workforce and Leadership Gaps - Explore the critical shortage of cybersecurity leadership across NHS trusts and why so few employ dedicated CISOs or security professionals.
- Evaluating Government Strategy, Regulation and Funding - Understand the challenges of fragmented mandates, insufficient funding and slow implementation of government-led cybersecurity initiatives.
- Understanding the Fallout of Organisational Change - Learn how ongoing restructurings like NHS England's disbandment create uncertainty, undermine coordination and risk losing experienced staff.
- Exploring Centralisation vs. Localisation Challenges - Discover the tensions between centralised security services and the bespoke needs of individual trusts in maintaining effective governance.
- Learning from Real-World Incident Impacts – We discuss the lessons learned from major incidents like WannaCry and ransomware attacks and why organisational learning remains slow despite clear vulnerabilities.
- Implementing Resilience and Cyber Preparedness - Learn practical approaches including playbooks, cyber incident drills, impact quantification and integrating clinical and cybersecurity teams to improve NHS cyber maturity.
Resources Mentioned
- Rubrik
- NHS (National Health Service)
- NHS England
- NHS Digital
- NCSC (National Cyber Security Centre)
- Active Cyber Defence Programme (NCSC initiative)
- NCSC Cyber Assessment Framework (CAF)
- DSBT (Data Security and Protection Toolkit)
- WannaCry
- Synnovis
- British Medical Association (BMA)
- Cyber Security Strategy for Health and Adult Social Care 2023–2030
- Cyber Security Resilience Bill
- DORA (Digital Operational Resilience Act, EU)
- Indiana Jones and the Raiders of the Lost Ark (film)
- The Cyber Sentinel’s Handbook (book)
Connect with your host James Rees
Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.
Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.
With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.
For more information about us or if you have any questions you would like us to discuss email [email protected].
If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.
Linkedin: Razorthorn Security
Youtube: Razorthorn Security
Twitter: @RazorThornLTD
Website: www.razorthorn.com
All rights reserved. © Razorthorn Security LTD 2025
View all episodes
By Razorthorn Security | Cybersecurity & InfoSecWelcome to Razorwire, where we examine the realities facing cybersecurity professionals on the front lines of digital defence.
In this episode, I am joined by Rob Priest, a former NHS insider with 24 years of experience, and returning co-host Richard Cassidy to expose the cybersecurity crisis gripping Britain's healthcare system. From WannaCry's devastating impact to recent ransomware attacks on children's hospitals, our experts reveal why the NHS remains a prime target for cybercriminals despite years of warnings and government promises.
Rob shares insights from his transition from running around hospital corridors with paper records to witnessing sophisticated nation-state attacks that can cripple entire trust networks for months. Richard brings his unique perspective as both a cybersecurity professional and working paramedic who experienced firsthand how cyber attacks paralyse emergency services when systems go dark.
Whether you're a healthcare professional worried about patient safety, a cybersecurity expert trying to understand why healthcare remains so vulnerable, or a concerned citizen wondering why your medical data isn't better protected, this conversation cuts through the political rhetoric to examine what's actually happening behind NHS firewalls.
Tune in for an unvarnished look at legacy systems running on Windows 95, the shortage of qualified CISOs across 213 NHS trusts and why the government's latest cybersecurity mandates might create more problems than they solve.
Listen in for:
- The Hidden Fallout of Cyber Attacks on Patient Care - Understand the cascading impact that ransomware and outages have, not just on IT, but on clinicians, paramedics and everyday patient outcomes. Rob shares first-hand accounts of real NHS incidents and why cyber breaches are, at their core, clinical emergencies.
- Why Legacy Tech and Fragmented Leadership Leave Us Exposed - Hear why outdated, unsupported systems and a chronic lack of cyber leadership make true resilience so tough in large NHS trusts. We unpack the disconnect between government strategy, local implementation and real world risk.
- Practical Steps (and Missed Opportunities) for NHS Cyber Resilience - Explore what actually works, from playbooks and clinical 'huddles' to the role of centralised threat intelligence - and where policy too often lags behind reality. If you want to know how to prioritise resilience amid chronic uncertainty, this episode is essential listening.
Get ready for a grounded discussion that blends expert perspective with genuine NHS war stories - plus candid thoughts on what really needs to change.
On learning from cyber incidents before they happen:
"Organisations that understand the impacts of events the best are the ones that have actually gone through it. My question is: does that have to be the case?"
Rob Priest, Rubrik
Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen
In this episode, we covered the following topics:
- Understanding Escalating Cyber Threats to the NHS - Learn how nation-state actors and cybercriminals are targeting NHS organisations through supply chain weaknesses and vulnerable digital infrastructure.
- Recognising Legacy Technology and Technical Debt Challenges - Discover why outdated IT systems and unsupported medical devices create persistent security challenges and make patching complex and risky.
- Assessing the Impact on Patient Care and Clinical Operations - Understand how cyber incidents lead directly to care disruptions, cancelled appointments and patient safety risks when systems become unavailable.
- Identifying Supply Chain Vulnerabilities - Learn about the risks from third party vendors and service providers that expose NHS trusts to breaches originating beyond their direct control.
- Recognising Workforce and Leadership Gaps - Explore the critical shortage of cybersecurity leadership across NHS trusts and why so few employ dedicated CISOs or security professionals.
- Evaluating Government Strategy, Regulation and Funding - Understand the challenges of fragmented mandates, insufficient funding and slow implementation of government-led cybersecurity initiatives.
- Understanding the Fallout of Organisational Change - Learn how ongoing restructurings like NHS England's disbandment create uncertainty, undermine coordination and risk losing experienced staff.
- Exploring Centralisation vs. Localisation Challenges - Discover the tensions between centralised security services and the bespoke needs of individual trusts in maintaining effective governance.
- Learning from Real-World Incident Impacts – We discuss the lessons learned from major incidents like WannaCry and ransomware attacks and why organisational learning remains slow despite clear vulnerabilities.
- Implementing Resilience and Cyber Preparedness - Learn practical approaches including playbooks, cyber incident drills, impact quantification and integrating clinical and cybersecurity teams to improve NHS cyber maturity.
Resources Mentioned
- Rubrik
- NHS (National Health Service)
- NHS England
- NHS Digital
- NCSC (National Cyber Security Centre)
- Active Cyber Defence Programme (NCSC initiative)
- NCSC Cyber Assessment Framework (CAF)
- DSBT (Data Security and Protection Toolkit)
- WannaCry
- Synnovis
- British Medical Association (BMA)
- Cyber Security Strategy for Health and Adult Social Care 2023–2030
- Cyber Security Resilience Bill
- DORA (Digital Operational Resilience Act, EU)
- Indiana Jones and the Raiders of the Lost Ark (film)
- The Cyber Sentinel’s Handbook (book)
Connect with your host James Rees
Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.
Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.
With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.
For more information about us or if you have any questions you would like us to discuss email [email protected].
If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.
Linkedin: Razorthorn Security
Youtube: Razorthorn Security
Twitter: @RazorThornLTD
Website: www.razorthorn.com
All rights reserved. © Razorthorn Security LTD 2025