Issue 6 - Weekly Round Up
Happy New Year. In this week’s round-up, we highlight emerging risks from AI tools and critical cybersecurity alerts affecting healthtech suppliers and NHS compliance. From Humber Health Partnership’s major electronic patient record (EPR) contract to new warnings on actively exploited software vulnerabilities and evolving AI-enabled attack vectors, we outline the key developments you need to be aware of this week.
1. Humber Health Partnership selects Dedalus ORBIS U EPR
NHS Humber Health Partnership has selected Dedalus ORBIS U as its new electronic patient record system, supporting the wider NHS drive to modernise patient records and improve interoperability across care settings.
For NHS suppliers and healthtech operators, this underlines the growing momentum behind integrated EPR platforms in the UK. Dedalus ORBIS U is positioned to streamline clinical workflows and improve access to patient data, with interoperability and user-centric design now baseline expectations in NHS procurement.
Any new EPR deployment introduces data security risks that must be tightly controlled. NHS organisations and their suppliers need to demonstrate robust DSPT compliance, particularly around secure data handling, access controls, and audit logging.
2. OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls
OpenAI has launched ChatGPT Health, a dedicated environment allowing users to discuss health concerns with an AI chatbot. Crucially, it offers isolated and encrypted controls for connecting medical records, aiming to enhance privacy and security.
While AI presents opportunities, it also introduces novel risks such as prompt injection attacks, data leakage, and misuse of sensitive health information. NHS healthtech providers must carefully evaluate AI vendor security claims and ensure compliance with UK data protection laws and NHS DSPT standards. Transparency around data usage and maintaining patient trust remain paramount.
3. Cyber plan launched to improve security of online public services
The UK government has launched a £210 million Cyber Action Plan aimed at enhancing the security and resilience of online public services, including NHS digital platforms.
4. Ministry of Justice spent £50M on security yet missed Legal Aid Agency cyberattack
Despite investing £50 million in cybersecurity enhancements, the UK Ministry of Justice failed to detect a high-risk system compromise at the Legal Aid Agency until long after the intrusion.
Our Take
This week’s stories point to a widening gap between digital ambition and operational cyber resilience across the UK public and health sectors. Large-scale EPR deployments, AI-enabled health tools, and renewed government cyber investment all signal strong momentum towards digital transformation, but they also expand the attack surface at a time when threat actors are becoming faster, more targeted, and more opportunistic.
For NHS suppliers and healthtech providers, the direction of travel is clear. Interoperability, AI integration, and cloud-first platforms are no longer optional, but neither is demonstrable security maturity. The Legal Aid Agency incident is a reminder that investment alone does not equal resilience; without effective monitoring, detection, and incident response, organisations can still miss serious compromises with direct implications for patient care, service continuity, and regulatory exposure.
AI’s growing role in healthcare adds further complexity. While tools like ChatGPT Health emphasise privacy and encryption, suppliers must look beyond vendor assurances and assess real-world risks such as data leakage, misuse, and model manipulation. This increases the obligation on healthtech companies to embed security-by-design, implement robust assurance over third-party AI services, maintain transparency, and ensure alignment with DSPT, UK data protection requirements, and sector-specific standards expected by NHS buyers.
Overall, the message for NHS suppliers and digital health is consistent: cyber security and compliance are becoming foundational enablers of growth, market access, and contract retention, not barriers to them. Organisations that treat DSPT, threat detection, vulnerability management, and resilience as strategic priorities—supported by structured governance, clear evidence, and repeatable processes—will be best positioned to support the NHS safely as digital health adoption continues to accelerate.
That is this week’s round-up. We hope you have had a productive week and found these updates useful. Thank you for reading, and we hope you have a well-earned, restful weekend.