Weekly Round-Up Issue 12
This week's round-up: A maximum-severity vulnerability in widely deployed network infrastructure. The director of national cyber operations at NHS England announced his departure. An AI tool, built on NHS data, demonstrated what responsible use of health data can produce. Here is the full picture...
NHS CSOC Issues High-Severity Alert on Cisco SD-WAN Zero-Day (CVE-2026-20127)
NHS England's National Cyber Security Operations Centre published alert CC-4748 on 4 March 2026, warning that CVE-2026-20127 — an improper authentication vulnerability with a CVSSv3 score of 10.0 — could allow an unauthenticated attacker to bypass authentication and gain administrative privileges on affected Cisco Catalyst SD-WAN Controllers and Managers.
Cisco's Talos threat intelligence team attributed the exploitation activity to a threat actor tracked as UAT-8616, assessing it with high confidence to be a highly sophisticated actor that has been exploiting the flaw since at least 2023. Cisco subsequently warned that two further Catalyst SD-WAN flaws have also been found to be exploited. CISA issued Emergency Directive ED 26-03 in parallel, and the NCSC published joint guidance with its Five Eyes partners.
The NHS CSOC assessed it as highly likely that vulnerabilities in edge devices will continue to be exploited as zero-days or shortly after vendor disclosure, and strongly encouraged organisations to patch as soon as possible and follow NCSC-UK vulnerability management guidance.
NHS suppliers running Cisco Catalyst SD-WAN infrastructure — particularly those using it to connect to NHS networks or hosted environments — are directly in scope. Because exploitation has been occurring silently since 2023, patching alone is insufficient: organisations must also review logs for indicators of compromise using the guidance in Cisco's advisory.
The NHS alert reference is CC-4748.
NHS England Cyber Chief Mike Fell to Step Down in May
Mike Fell, director of national cyber operations at NHS England, announced this week that he will step down from his role in mid-May 2026 to take up the post of chief security officer at the Department for Work and Pensions. Fell joined NHS England in 2022 and led the transformation of the NHS Digital Data Security Centre into the NHSE Cyber Operations team.
His departure is part of a broader shift in senior digital leadership at NHS England: this week it also emerged that NHS England is actively seeking an interim chief information officer, and that interim chief digital and information officer Ming Tang is due to step down in April 2026.
April ICB Mergers
Twelve integrated care boards have been approved to merge from 1 April 2026, creating six new successor ICBs across London, the East of England, and the South East, with a further ICB boundary change also taking effect.
Suppliers with data processing agreements, system integrations, or DSPT registrations tied to any of the twelve legacy ICB codes have less than four weeks to review those arrangements. West and North London ICB confirmed it is already undertaking its DSPT process early to ensure data security continuity during the transition.
AI Tool Built on NHS Data Predicts Heart Attack Risk in Cancer Patients
An international team of researchers, led by the University of Leicester, has developed ONCO-ACS, the first risk prediction model designed specifically for cancer patients who have suffered a heart attack. The tool uses artificial intelligence to combine cancer-related factors with standard clinical data to predict the chances of death, major bleeding, or another cardiac event within six months.
The research drew on the Virtual Cardio-Oncology Research Initiative (VICORI), a national research platform for England that links routinely collected electronic health records from multiple NHS sources, supported by the British Heart Foundation Data Science Centre and Health Data Research UK. Researchers analysed outcomes for more than one million heart attack patients, including over 47,000 with cancer, across England, Sweden, and Switzerland.
This study is a compelling demonstration of what NHS data infrastructure can enable when governance and access frameworks are well designed. VICORI's ability to link records across multiple NHS sources at population scale, securely and under clear ethical oversight, produced a model that outperformed existing clinical risk scores. For healthtechs seeking to develop AI-driven clinical decision support tools, it sets a benchmark for what rigorous, real-world validation looks like. The ONCO-ACS score was externally validated on a distinct dataset and was found to have possible favourable clinical utility as a practical tool for predicting cardiovascular death, myocardial infarction, and ischaemic stroke events.
Healthcare Ransomware Surges
In February 2026, ransomware groups claimed 680 victims across 72 countries. The healthcare sector saw a significant rise, with victim counts jumping from 40 to 93. Qilin led all groups with 104 victims claimed that month.
Qilin is the same group responsible for the June 2024 Synnovis attack that caused catastrophic disruption across London NHS hospitals.
NHS England's cyber operations leadership has stated that cyber attacks against healthcare are no longer a remote possibility and that close partnerships with NHS suppliers are central to preventing and responding to the threat.
Qilin's persistent focus on supply chain entry points rather than NHS organisations directly is the pattern that suppliers need to plan against — not just hospital-facing attacks.
The essential foundation for recovery is self-knowledge: understanding which systems you use, what they are used for, who uses them, and what happens if they are unavailable.
NHS SBS Launches £250 Million Patient Communication Framework
NHS Shared Business Services has launched a £250 million framework agreement for Patient/Citizen Communication, Engagement, and Hybrid Mail Solutions, effective from 16 February 2026 until 15 February 2030. The framework includes fully vetted suppliers providing everything from chatbots to SMS messaging to mail processing. It is meant to help organisations lower did-not-attend rates by improving appointment scheduling.
This is a live, structured procurement route for communication technology suppliers looking to secure NHS contracts across England. Framework inclusion provides access to the full NHS market without the need to navigate individual trust procurement processes, and the four-year term offers meaningful commercial visibility. For healthtechs with patient-facing communication products, appointment reminders, digital patient portals, hybrid mail, and workforce messaging, this is worth examining closely if you are not already on it.
Our Take
This week's developments arrive at a time when the compliance bar for NHS suppliers is rising.
A leadership transition at the top of NHS cyber and the ICB mergers are both just weeks away.
The ONCO-ACS study shows what becomes possible when data governance is taken seriously from the outset. For suppliers and health techs alike, that is the right frame.
Robust security and information governance are not the obstacle to NHS market access: they are the prerequisite for it.
If any of this week's stories raise questions about your current position, Periculo is here to help.