Is the NHS 10 Year Plan fit for the future when it comes to cyber security?

Although it offers a long-awaited step forward, focused on bold innovations that will streamline and provide efficiencies. A recurring theme in the Plan is its ambitions for the NHS's 'world leading data' which will ultimately feed into initiatives critical to the NHS's success, such as the Single Care Record programme and an increase in AI usage.

According to patient responses, their desire around data usage is for a rigorous approach to privacy and security. However, the Plan itself has no focus on cyber security.

This is cause for concern – we must ensure our defences are just as strong as our ambitions. With the shift from analogue to digital and increase of data use, healthcare systems are becoming increasingly vulnerable, notably as there is also a push now to deliver neighbourhood health service in the community. This new delivery approach will also be heavily reliant on resilient and secure IT systems with an assured Cyber Protection posture.

The NHS serves 1.6 million people daily and any cyberattack, system failure or data breach can have far-reaching consequences, not only for productivity, but for patient safety and public trust. As threats become more advanced, we must treat healthcare not just as a public service, but as critical national infrastructure.

Other sectors, like defence and finance, already benefit from stringent cyber security standards and government-backed resilience frameworks. Healthcare deserves the same. Threat intelligence sharing, mandatory testing, and robust governance should be baseline, not optional.

Innovation must be underpinned by protection. Without securing the foundations, we risk building new systems on unstable ground. As we move forward, digital transformation must go hand in hand with resilience - because in healthcare, the stakes are simply too high.