Skip to content
Contact Us
All posts

August 2025

By  Craig Pepper  ·  2 minute read

We’ve been celebrating, certifying, and sharpening our capabilities, all while helping clients stay ahead of evolving threats and NHS expectations. Here’s what we’ve been up to this August. 

Periculo Turns 10 – A Decade of Digital Health Security

This month, we quietly marked a major milestone—Periculo turned 10.

What started as a small, security-focused consultancy has grown into a trusted name in digital health cybersecurity. Over the past decade, we've helped organisations navigate complex standards, pass critical audits, and secure sensitive data, all with clarity, speed, and empathy.

Cory and Pizza
Pizza

To celebrate, we kept it simple with a pizza party in the office. A moment to recognise the hard work behind the scenes, and to thank the people who’ve trusted us to support their mission.

To our clients, partners, and team,  thank you for helping shape the last 10 years. We're just getting started.

Connor’s DEF CON Experience

Last year, Connor was recognised as Periculo’s Employee of the Year 2024—and as part of that achievement, he was awarded a trip to DEF CON 2025 in Las Vegas, the world’s largest hacker conference.

Connor has shared his reflections in a new blog post, covering highlights from Operation Europa Crisis, a live crisis simulation that exposed how fragile healthcare systems can become under cyberattack. From observing how attackers exploit weak points in medical infrastructure to the importance of resilience frameworks like ISO 27001, his write-up gives a unique insider’s view into the lessons digital health companies need to take seriously.

This isn’t just theory—it’s insight from the frontlines of one of the biggest security events in the world.

Read Connor’s full blog here: Lessons from DEF CON 2025 – Operation Europa Crisis

IASME Cyber Assurance Level 1 & 2

We’re pleased to share that Periculo is again certified in IASME Cyber Assurance Levels 1 and 2.

This UK-based framework is designed to help organisations implement strong, measurable security across areas like risk management, access control, patching, and business continuity. Certification demonstrates not just technical security, but a holistic, well-governed approach to cybersecurity.

Security Fact of the Month

77% of ransomware attacks now involve data exfiltration before encryption.

Known as "double extortion," this tactic means even organisations with backups are vulnerable to having sensitive data leaked. Prevention and detection are just as important as recovery planning.

Security Tip of the Month

Set up alerts for changes to user privileges.

One of the first things an attacker will do is try to escalate access. Enable real-time alerts for admin rights changes and permission escalations to catch suspicious activity early.

Jargon Buster

Privilege Escalation

When a user or attacker gains higher-level access than intended, often by exploiting a vulnerability. This can allow unauthorised access to systems, data, or controls.

How We’re Helping

This month, we’ve continued to support digital health companies with:

  • ISO 27001 audit readiness and recertification

  • Penetration testing for NHS contracts

  • DSPT evidence reviews and 2025/26 planning

  • AI security and risk assessments aligned to NHS guidance

  • Onboarding Companies on our compliance tool– See how it simplifies compliance

Need help with your audit or upcoming security review?

Let’s Talk

Whether you're building, scaling, or preparing for an audit, we’re here to help you move faster—without cutting corners.