//CYBER SECURITY, DIGITAL HEALTH, MEDICAL DEVICE AND DEFENCE SECURITY BLOG

ARCHIVE

Weekly Round Up Issue 16

The regulatory direction of travel got louder this week. The NCSC pulled back the curtain on 18 months of coordinated ...

UK Biobank Data Listed for...

The UK government has issued a formal statement through the National Data Guardian after reports emerged that data from ...

AI Security Threat Series:...

Proving your data was used to train an AI — without ever seeing it You do not need to extract someone's data from a ...

Building Resilient AI Agents:...

As AI agents become increasingly embedded within enterprise workflows, prompt injection attacks have emerged as a ...

Threat Advisory:...

Introduction: The Emergence of AI-Powered Cyber Threats In early 2026, a sophisticated cyber intrusion targeting the ...

AI Security Threat Series:...

Extracting secrets from an AI that was never meant to share them A deployed AI model does not hand over its training ...

Weekly Round-Up Issue 15

This week's round-up arrives against a backdrop of significant cyber, regulatory and assurance activity affecting ...

MHRA SaMD Classification for...

I have spent the better part of a decade navigating the intersection of cybersecurity and regulated industries, from ...

LiteLLM Supply Chain Attack:...

In our original post from 27 March, we covered the initial details of the LiteLLM supply chain compromise: the affected ...

AI Security Threat Series:...

Corrupting an AI before it ever goes live Most AI attacks happen at the point of use. Data poisoning happens much ...

NHS Clinical Safety and AI...

I've spent the better part of a decade in cybersecurity, working with digital health organisations and later across the ...

Red Teaming the Microsoft...

I have spent the better part of a decade in the trenches of cybersecurity, moving from the high-stakes world of NHS ...

MHRA Expands AI Airlock: What...

The MHRA has secured £4.8 million to expand the AI Airlock programme. For anyone building medical device AI in the UK, ...

AI Security Threat Series:...

Convincing an AI to forget everything it was told Every AI model is built with boundaries. Jailbreaking is the art of ...

Is Your AI Infrastructure...

I have spent the better part of a decade in the trenches of high-stakes compliance. I have lived through the clinical ...

Weekly Round Up: ISSUE 14

This week brought a China-linked ransomware group actively targeting UK healthcare systems to the retirement of a key ...

AI Security Threat Series:...

When your AI does what the attacker says, not what you intended AI tools are only as trustworthy as the instructions ...

Project Glasswing and Claude...

Anthropic has just announced Project Glasswing, and if you work in cybersecurity, healthcare IT, or digital health, ...

NHS Issues Critical Fortinet...

NHS England Issues High-Severity Alert as Zero-Day Exploitation Confirmed NHS England has issued a high-severity cyber ...

The Hidden Threat — Securing...

A spacecraft launched with a compromised component cannot be recalled. The aerospace supply chain spans hundreds of ...

What Microsoft Actually Built...

On 2 April 2026, Microsoft published a blog post announcing the Agent Governance Toolkit — described as "open-source ...

Zero Trust Architecture for...

Zero Trust is not a product; it is a security philosophy: never trust, always verify. In traditional IT, Zero Trust ...

Anatomy of a Satellite Hack —...

On 24 February 2022, at the exact moment Russian forces crossed into Ukraine, a cyberattack took down tens of thousands ...

Claude Code Source Code Leak

Claude Code Source Code Leak Was Not a Targeted Cyberattack On the 31 March 2026, Anthropic, maker of the Claude AI, ...

From Ground to Orbit: The...

Every spacecraft communicates with the ground via radio frequency links, TT&C (Telemetry, Tracking, and Command) ...

Why Space is the Ultimate...

The Space ISAC reported a 118% surge in space-related cyber incidents in 2025. Space is no longer a benign environment; ...

FortiGate Exploits Put...

In recent months, cybersecurity teams worldwide have observed a significant rise in targeted attacks exploiting ...

AI-Driven Cyberattacks Target...

In a pivotal development within cybersecurity, recent AI-powered cyberattacks targeting multiple Mexican government ...

LiteLLM Supply Chain Attack:...

On 24 March 2026, LiteLLM — one of the most widely used open-source libraries for integrating large language models ...

AI-Assisted Slopoly Malware...

The New Face of Ransomware Persistence The cybersecurity landscape is undergoing a significant transformation as ...

GitHub Copilot vs. Enterprise...

GitHub Copilot has transformed how enterprise development teams write code. It suggests completions, generates ...

Two Major Medical Device...

In the space of seven days in March 2026, two of the world's most prominent medical technology companies disclosed ...

Cursor IDE Security: How to...

The AI-powered IDE revolution is here — and with it, an entirely new class of security risk that most developers ...

Critical OpenClaw Flaw...

The rapid rise of AI development tools is transforming enterprise innovation, enabling autonomous AI agents to augment ...

Weekly Round-Up Issue 13

This week’s cyber briefing: a major attack on a global medical equipment supplier, a new investigation revealing ...

Evaluating AI Jailbreaks with...

In this blog post, we explore how the StrongREJECT benchmark helps security engineers systematically evaluate and ...

Passing the Security Vibe...

In the rapidly evolving landscape of AI, the promise of AI-generated applications is both exciting and daunting. While ...

Inside the Wild World of...

Imagine an AI agent tasked with autonomously researching your company's competitors, crawling the web, synthesising ...

Stryker Cyberattack 2026:...

On 11 March 2026, employees at Stryker, one of the world's largest medical technology companies, arrived at work to ...

Weekly Round-Up Issue 12

This week's round-up: A maximum-severity vulnerability in widely deployed network infrastructure. The director of ...

DTAC Version 2: What Digital...

If you supply digital health technology to the NHS, there's a significant update you need to be aware of. NHS England ...

How to Work Effectively with...

A practical guide for technology and healthcare suppliers navigating NHS procurement The NHS is one of the largest ...

NCSC Cyber Alert: What UK...

The National Cyber Security Centre has issued an urgent advisory warning UK businesses and critical national ...

Weekly Round-up Issue 11

This week, the NHS's direct supplier engagement programme moved from letter to reality, a significant Microsoft patch ...

Cyber Incident Reporting for...

You've worked hard to win NHS contracts. You've passed the audits, met the DSPT requirements, and built a reputation as ...

NHS Supplier Assurance in...

If you supply the NHS or want to, the compliance bar just went up significantly. Between June 2024 and March 2025, two ...

DSPT Independent Audit for...

If you're an IT supplier providing digital services to the NHS, the mandatory DSPT independent audit is now a critical ...

DCC Guide: Generating A Hash...

The Defence Cyber Scheme (DCC) requires applicants to provide a hash alongside the evidence that is provided for the ...

Weekly Round-Up Issue 10

This week brought clarity to NHS digital priorities alongside sobering research on security preparedness: the EPR ...

Changes to Cyber Essentials...

The NCSC and IASME have just announced significant updates to the Cyber Essentials scheme, set to take effect on April ...

Weekly Round-Up Issue 9

NHS England Loses Two Senior Digital Leaders Within One Week Ming Tang, interim CDIO and chief data and analytics ...

Cyber Essentials for NHS...

As cybersecurity threats continue to evolve, NHS organisations are raising the bar for their suppliers. If you're ...

NHS Supply Chain Cyber...

December 2025 saw two significant cyber incidents affecting NHS services through supply chain compromises. DXS ...

Defence Cyber Certification...

Defence Cyber Certification (DCC) Level 1 Guidance For suppliers working with the Ministry of Defence (MOD), Level 1 is ...

The DCC Assessment Process...

The Defence Cyber Certification (DCC) scheme is a new framework for any organisation looking to work with the UK ...

Preparing for DCC Level 0

For many small and medium-sized enterprises (SMEs) looking to enter the Ministry of Defence (MOD) supply chain, the ...

Weekly Round-Up Issue 8

Welcome to this week’s round-up. We cover a major IT failure disrupting GP services, a targeted phishing campaign ...

Operational Technology (OT)...

The security of our physical systems is more critical than ever. For all organisations — and especially those in health ...

Belgium Hospital Cyber...

Belgian Hospital Cyberattack Cancels 70 Surgeries, Transfers Critical Patients in Growing Healthcare Security Crisis On ...

NHS AI Readiness and...

The NHS is racing to adopt Artificial Intelligence. From faster diagnostics to smarter admin systems, AI promises to ...

Weekly Round Up Issue 7

This week’s round-up highlights key developments shaping digital health. From ongoing challenges integrating AI with ...

£210m Government Cyber Action...

The UK Government published its long-awaited Cyber Action Plan on 6 January 2026, marking a fundamental shift in how ...

Biggest Cybersecurity Fines...

In 2025, regulators around the world continued to penalise organisations after major cybersecurity incidents. From ...

Issue 6 - Weekly Round Up

Happy New Year. In this week’s round-up, we highlight emerging risks from AI tools and critical cybersecurity alerts ...

Top 10 Cybersecurity Threats...

As digital transformation accelerates, the cybersecurity threats facing organisations in 2026 are becoming more ...

MHRA’s AI Medical Device...

Artificial intelligence is becoming deeply embedded in UK healthcare, from diagnostic imaging and clinical decision ...

UK Medical Device Vigilance...

Back in 2024, the UK government enacted legislation to clarify and strengthen post‑market surveillance (PMS) ...

Periculo Achieves Defence...

We have some more exciting news to share – Periculo is now officially accredited by IASME as a Certification Body at ...

Barts Health NHS Trust...

In December 2025, Barts Health NHS Trust – one of the UK’s largest hospital trusts – confirmed it was the victim of a ...

Autumn Budget’s £300m NHS...

In the Autumn Budget 2025, Chancellor Rachel Reeves confirmed £300 million of new capital investment for NHS ...

Periculo Awarded IASME...

We are excited to announce that Periculo Limited has been officially awarded the Defence Cyber Certification – ...

The UK Now Faces Four Major...

The digital landscape of the UK is facing an escalating threat. A recent report from the National Cyber Security Centre ...

A Simple Guide to Preventing...

In the world of digital health and medical devices, data is everything. You handle sensitive patient information every ...

01.12.25 Threat Report

This week's threat report. As we enter December 2025, we will explore the SHA1-Hulud supply chain attack that has ...

OpenAI’s Data Breach

OpenAI recently alerted users to a security incident involving Mixpanel, a third-party analytics provider it used for ...

Lessons from the Synnovis...

The Synnovis ransomware attack wasn’t just another headline; it was a clear warning of how quickly supplier cyber risk ...

Issue 5 Weekly Round Up

In this issue, from new threats linked to large language models (LLMs) to the recent Salesforce data breach and ...

OWASP Top 10:2025 and What it...

The OWASP Top 10 remains one of the most influential security benchmarks in software engineering. The 2025 update is ...

Deconstructing the UK’s Cyber...

The introduction of the Cyber Security and Resilience (Network and Information Systems) Bill to the UK Parliament on 12 ...

Weekly Round Up - Issue 4

As the NHS continues its transformative journey into the digital age, last week brought developments both in healthcare ...

Supply-Chain Cyber Security:...

The Hidden Vulnerability Digital-health organisations rely on extensive networks of software vendors, cloud providers ...

Issue 3 Weekly Round Up

This week’s Round Up: The NCSC’s Windows 11 migration guidance, the ICO’s £14 million fine against Capita. Finally, the ...

10 Steps to Cyber Security...

Digital health organisations, from NHS suppliers to healthtech start-ups, handle some of the most sensitive data in the ...

What the NHS England Cyber...

Why the Cyber Security Charter Matters The NHS supply chain is under a growing cyber threat. In May 2025, NHS England ...

Why Cyber Essentials Plus Is...

Why Cyber Essentials Plus Matters More Than Ever If you supply technology, software, or services to the NHS, Cyber ...

ISO 27001:2013 Expired -...

Has ISO 27001:2013 Expired? The clock has officially run out for ISO 27001:2013. As of 31 October 2025, all ...

Weekly Round Up Issue 2

This week’s round-up centres on legacy risk, supplier assurance, and accountability. Windows 10 is now out of support, ...

NHS DSPT 2025-26: Audit...

The 2025-26 DSPT Is Live — Here’s What You Need to Know The Data Security and Protection Toolkit (DSPT) for 2025-26 ...

Cybersecurity for AI-Enabled...

Artificial Intelligence (AI) is reshaping healthcare, powering a new generation of AI-enabled medical devices that ...

EU AI Act and Medical...

A New Era for AI in Healthcare Artificial Intelligence (AI) is transforming healthcare — improving diagnosis, ...

EN 18031-2 Compliance: What...

The deadline has passed. As of August 1, 2025, EN 18031-2 cybersecurity compliance is now mandatory for all connected ...

NCSC–CISA OT Security Guidance

What It Means for UK Health and Critical Infrastructure Operational Technology, or OT, is no longer only associated ...

Critical Medical Device...

Medical devices are now prime targets for cybercriminals. The rise of the Internet of Medical Things (IoMT), combined ...

Cyber Assessment Framework...

The UK’s National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF) is fast becoming the new benchmark for ...

Weekly Round Up

Issue 1 Welcome to our new Weekly Round Up. We aim to give you a brief recap of what mattered this week, why it ...

The Five Security Controls...

In digital health, data is your most valuable asset and your biggest liability. Whether you’re developing clinical ...

Cyber Essentials 2025: A...

For health tech and digital health companies, cybersecurity is not only about protecting patient data, it’s about ...

Kido Cyber Attack

The recent cyber attack on Kido, a leading childcare provider in the UK, is a stark reminder that no ...

Heathrow Cyber Attack

Brussels and Berlin Airports Also Hit by Cyber Attack On 19–21 September 2025, airports across London (Heathrow), ...

NHS Supply Chain: Cyber...

The NHS Procurement Policy Note (PPN) 014 makes an important clarification: ISO 27001 certification cannot be used as ...

Choosing the Right NHS DSPT...

When it comes to the NHS Data Security and Protection Toolkit (DSPT), your external audit isn’t just a compliance ...

NHS DSPT Audits: What to...

What Could the Future Hold for the NHS DSPT? The NHS Data Security and Protection Toolkit (DSPT) has long been central ...

Jaguar Land Rover...

In September 2025, Jaguar Land Rover (JLR) confirmed it had suffered a major cyberattack that forced production lines ...

NHS DSPT 2025-26: Guide for...

Category 2 IT suppliers providing critical services to the NHS, the Data Security and Protection Toolkit (DSPT) 2025-26 ...

NHS Supply Chain and DSPT...

The NHS Data Security and Protection Toolkit (DSPT) for 2025–26 (version 8) is now live, introducing what are described ...

NHS Supplier Cyber Security:...

The NHS Supply Chain has updated its cybersecurity requirements for suppliers. These changes are designed to protect ...

Windows 10 End of Support:...

Microsoft will officially end support for Windows 10 Home and Pro on 14 October 2025. Continuing to use Windows 10 ...

DEFCON 33: Diving Into...

If you’ve never heard of DEFCON, here’s the quick version: It’s one of the world’s largest and most famous hacker ...

Security Vulnerability...

CVE-2025-4395, disclosed on 24th July 2025, reveals a critical authentication weakness in Medtronic's MyCareLink ...

Lessons From DEFCON 2025:...

In this exercise, participants stepped into the shoes of hospital administrators, health-ministry officials, logistics ...

What is Pen Testing and Why...

The healthcare sector is one of the most-targeted industries by cybercriminals – it ranked #1 for cyberattacks in early ...

EN 18031-1: Keeping Health...

As a digital health executive, you know that regulatory compliance can make or break your product launch timeline. With ...

Decoding the FDA's Pre-Market...

Medical device and digital health companies must navigate a complex web of cybersecurity requirements when seeking FDA ...

Medical Device Cybersecurity...

Protect Patients, Ensure Compliance, Scale Securely What is Medical Device Cybersecurity Labelling? Cybersecurity ...

Interoperability and Medical...

What FDA Standards Now Expect (And Why You Can’t Ignore It) As medical devices become more intelligent and connected, ...

ISO 27001 vs SOC 2: Which...

In today’s digital world, organisations that handle sensitive data must prove they have strong security measures in ...

Mastering EN 18031-1

Essential Cybersecurity Strategies for IoT Manufacturers Under the EU RED As the Internet of Things (IoT) ecosystem ...

What is HIPAA Compliance?

If you’re a digital health or health tech company handling patient data, you’ve likely heard of HIPAA compliance. But ...

Cybersecurity Guidance for...

If you're leading a digital health company, whether it's a healthtech platform, a telemedicine service, or a wearable ...

'Digital by Default' What The...

The NHS has launched a new 10-year health plan that will make healthcare in England "digital by default". This means ...

UK Medical Device Regulation...

In June 2025, the UK introduced a landmark overhaul to its medical device regulations. While much of the focus has been ...

The First CVE I Found:...

Discovering and reporting a vulnerability seems to be a rite of passage for anyone in penetration testing or bug ...

Ransomware Attack Contributed...

A Cyberattack with Tragic Consequences In June 2025, the UK’s National Health Service (NHS) confirmed that a ...

Why Pen Testing Matters for...

For CTOs and compliance leads in digital health startups, cybersecurity can feel like a high-stakes tightrope walk. ...

Different Types of...

Cybersecurity is essential in Digital Health and MedTech. With sensitive data, cloud platforms, and connected devices ...

HMRC Cyber Attack

HM Revenue & Customs (HMRC) were a victim of a major fraud incident. Criminals managed to steal approximately £47 ...

The North Face, Cartier,...

In recent weeks, a wave of cyberattacks has struck some of the world’s most recognisable retail and luxury brands—The ...

Two NHS Trusts Hit by a Cyber...

NHS Mobile Software Breach: Two Trusts Impacted by Cyber Attack University College London Hospitals (UCLH) and ...

2025 Cyber Attacks on Major...

Cyber criminals have targeted several major retailers in a series of attacks that disrupted services, exposed customer ...

How to Pass the DSPT Audit:...

When it comes to completing the NHS Data Security and Protection Toolkit (DSPT) audit, many IT suppliers stumble not ...

What Is an NHS DSPT Audit and...

If your organisation handles NHS patient data or connects to NHS systems, for example as an IT supplier providing ...

Who Needs an NHS DSPT...

If your organisation handles NHS patient data or provides services within the health and care system, you will already ...

NHS DSPT Requirement 9.4.5:...

The NHS DSP Toolkit and the June 30th Deadline If your company handles NHS patient data or provides services to NHS ...

Vulnerability Scanning...

The Key to Digital Health Security and Compliance Data breaches and cyberattacks are constantly in the news, often with ...

Is the CVE Programme at Risk?...

A potential pause in the US-funded CVE (Common Vulnerabilities and Exposures) system could significantly impact how ...

Top Digital Health Compliance...

The digital health sector is always transforming, usually driven by advancements in AI management and increasingly ...

The Best Decision We Ever Made

A few years ago, Periculo was just another cyber security consultancy. No niche. No clear focus. Just a group of ...

AI Security Guidance: Keeping...

AI and machine learning are revolutionising digital health—but without the right safeguards, they can quickly become a ...

Navigating the Complexities...

Medical device manufacturers face a unique challenge when selling in both the U.S. and EU markets: navigating two ...

How to Conduct a Security...

In today’s interconnected business landscape, third-party vendors play a crucial role in delivering critical services, ...

What is the Right...

In today’s connected healthcare landscape, medical devices are becoming increasingly sophisticated—and so are the ...

Software as a Medical Device:...

In today’s rapidly evolving healthcare technology landscape, software is playing an increasingly central role in ...

UK Government Secret Demand...

In a move that has sparked intense debate over privacy and surveillance, the British government has reportedly issued a ...

What’s the Importance of ISO...

In the highly regulated world of medical devices, safety and quality are non-negotiable. Every product that enters the ...

Zero-Day Threats in Medical...

In today’s interconnected healthcare landscape, medical devices are increasingly reliant on software and network ...

How Synnovis Cyber Attack...

On June 3rd, Synnovis, a key pathology laboratory for several NHS organisations, was hit by a severe ransomware attack. ...

Multi-Factor Authentication...

Introduction: The Limitations of Passwords Passwords alone are no longer enough to protect personal or business ...

Adopting the Cyber Assessment...

In September 2024, a major change reshaped how data security is managed across the healthcare sector. The Data Security ...

Changes to the DSPT in 2024-25

In the 2024-25 period, a significant change is coming to how certain health and care organisations manage their Data ...

Essential Cyber Security...

The security of your business depends on the security of your suppliers. If one of your suppliers experiences a ...

FDA Post-Market Cybersecurity...

FDA Post-Market Cybersecurity Requirements: A Guide for Medical Device Manufacturers Once your medical device has ...

Navigating ISO Audits: What...

Completing my first audit as a security consultant was a real step into the unknown after transitioning careers to work ...

Win More Work: Cybersecurity...

Digital Health and MedTech is a fast-paced world and securing contracts such as the ones for NHS Trusts is as ...

Cyber Essentials Self...

This security wiki provides guidelines for effective security update management to ensure that your organisation's ...

Why MSSPs Are Essential for...

At Periculo, Your Cybersecurity is Our Priority Managed Security Service Providers (MSSPs) are a cornerstone in ...

NHS England’s Cyber Risk...

NHS England has recently announced plans to create a new Cyber Risk Rating Platform, marking an important step forward ...

The EU Cyber Resilience Act:...

The European Union’s Cyber Resilience Act (CRA) represents a significant step towards improving cybersecurity across ...

NHS DSPT: Protecting Against...

B3.a Understanding Data Key Point: Your organisation must fully understand the data critical to its essential ...

Cyber Essentials Self...

This cyber essentials security wiki provides guidelines for achieving secure configuration of devices and services ...

DSPT-CAF Alignment: How It...

In an era where cyber threats are growing in scale and complexity, the NHS Data Security and Protection Toolkit (DSPT) ...

Fuzz Testing for Medical...

Medical devices need to meet strict security standards set by regulatory bodies such as the FDA and the European Union ...

Labour's Plans for Cyber...

On July 17, 2024, Prime Minister Keir Starmer's plans for new legislation on cyber security, digital, and data were ...

Cyber Essentials - User...

Cyber Essentials is a UK government-backed certification scheme that aims to help organisations protect themselves ...

What Are The Changes to Cyber...

In April 2025, there will be changes to Cyber Essentials and Cyber Essentials Plus. Here's what you need to know. ...

How Periculo Helps Businesses...

Maintaining your Cyber Security Posture Day to Day A managed service customer looking to maintain their ISO27001 ...

NHS Cyber Attacks and...

The NHS faced a challenging 2024, with a series of cyberattacks and data breaches that disrupted healthcare services ...

Major Cyber Security Incident...

On 25 November 2024, Wirral University Teaching Hospital NHS Foundation Trust declared a “major incident” following a ...

Update on Wirral University...

Merseyside residents were faced with a third day of significant disruption following a cyber attack on Wirral ...

Cybersecurity for Medical...

Cyber Security for Medical devices is an important topic, and one that has become more important over the last few ...

How to Plan a Successful...

What is a Tabletop Exercise? A tabletop exercise (TTX) is a discussion-based simulation where participants walk through ...

Cyber Attacks on Healthcare...

In recent years, the healthcare sector has faced a surge in cyber attacks, highlighting vulnerabilities in critical ...

The FDA’s Core Cybersecurity...

Here’s what the FDA looks for when reviewing medical device cybersecurity during the pre-market submission process: 1. ...

Cyber Essentials - Firewalls

The Cyber Essentials certification scheme is a UK government-backed initiative that aims to help organisations protect ...