This week’s round-up highlights key developments shaping digital health. From ongoing challenges integrating AI with NHS electronic patient records (EPRs), to new guidance on secure connectivity for operational technology. A recent Belgian hospital cyberattack also highlights how cyber resilience remains a critical concern.
A recent survey by the Royal College of Physicians found that around 70% of doctors see NHS electronic patient record (EPR) integration as the main barrier to adopting artificial intelligence (AI) tools in clinical practice. Despite the growing availability of AI diagnostics and decision-support systems, many clinicians say current infrastructure is too fragmented or inflexible to support effective AI deployment.
For NHS suppliers and healthtech founders, this highlights the need to embed AI within existing NHS workflows rather than build standalone tools. Solutions that cannot integrate cleanly with NHS EPRs will struggle to gain traction, limiting the impact of AI on patient care. It also shapes compliance and procurement strategies, as trusts increasingly prioritise interoperability and data standards when choosing partners.
EPR integration is both a technical and compliance challenge. AI tools must align with NHS Digital standards on data security, privacy, and governance, and suppliers need to evidence robust data handling and cyber resilience when systems access sensitive patient information. Early, transparent engagement with NHS IT teams during integration planning can help manage risks such as data breaches or system downtime.
The Health Secretary has cautioned that the NHS faces greater risk from slow technological progress rather than overly rapid adoption. As the NHS becomes more digitally capable, accelerating the rollout of new technologies is necessary to keep pace with patient needs and innovation.
Pressure to accelerate deployments could lead to shortened procurement cycles and increased demand for scalable, ready-to-deploy solutions. However, it also means balancing speed with due diligence in security and compliance remains crucial.
Rapid technology adoption can increase exposure to cyber threats if security assessments are bypassed or insufficient. Suppliers should be prepared to demonstrate that their products are not only innovative but also secure and compliant.
The UK’s National Cyber Security Centre (NCSC) published new principles for designing and securing connectivity to operational technology (OT) systems. These guidelines assist organisations in reviewing and strengthening OT network security, which is critical in healthcare environments reliant on specialised devices and infrastructure.
NHS suppliers and healthtech operators that provide or manage OT, such as medical devices, building controls, or manufacturing equipment, must prioritise these security principles. OT vulnerabilities can lead to operational disruptions or safety risks, making secure connectivity a foundational element of digital health resilience.
The guidance reinforces the need for segmentation, monitoring, and access controls tailored to OT environments. Compliance officers should integrate these principles within organisational risk frameworks to meet NHS cyber standards and reduce potential attack surfaces.
Two major hospitals in Belgium experienced a cyberattack that forced the shutdown of critical IT systems, cancellation of surgeries, and transfer of critical patients to other facilities. The attack entered its second day, highlighting the severe operational impact cyber incidents can have on healthcare delivery.
This incident serves as a reminder for UK NHS suppliers and healthtech providers of the tangible consequences of cyber vulnerabilities. It emphasises the importance of robust incident response plans and resilient infrastructure to prevent similar disruptions within the NHS.
Healthcare organisations must maintain up-to-date cyber defence measures, including regular testing of backup and recovery processes. Compliance with NHS Digital’s Data Security and Protection Toolkit, alongside adherence to NIS2 regulations, will be critical in mitigating risk. Suppliers should also consider how their products support or enhance NHS cyber resilience.
That's all for this week. Fragmented NHS electronic patient records continue to block AI adoption, heard the Health Secretary's warning that slow technological progress poses the real risk to the NHS, new NCSC guidance on securing OT, and the cyberattack on Belgian hospitals that forced surgery cancellations and patient transfers. These developments remind us that digital health progress depends on balancing innovation with robust cybersecurity, interoperability, and compliance. Stay informed, stay secure, and we'll see you next week.