We’ve been celebrating, certifying, and sharpening our capabilities, all while helping clients stay ahead of evolving threats and NHS expectations. Here’s what we’ve been up to this August.
This month, we quietly marked a major milestone—Periculo turned 10.
What started as a small, security-focused consultancy has grown into a trusted name in digital health cybersecurity. Over the past decade, we've helped organisations navigate complex standards, pass critical audits, and secure sensitive data, all with clarity, speed, and empathy.
To celebrate, we kept it simple with a pizza party in the office. A moment to recognise the hard work behind the scenes, and to thank the people who’ve trusted us to support their mission.
To our clients, partners, and team, thank you for helping shape the last 10 years. We're just getting started.
Last year, Connor was recognised as Periculo’s Employee of the Year 2024—and as part of that achievement, he was awarded a trip to DEF CON 2025 in Las Vegas, the world’s largest hacker conference.
Connor has shared his reflections in a new blog post, covering highlights from Operation Europa Crisis, a live crisis simulation that exposed how fragile healthcare systems can become under cyberattack. From observing how attackers exploit weak points in medical infrastructure to the importance of resilience frameworks like ISO 27001, his write-up gives a unique insider’s view into the lessons digital health companies need to take seriously.
This isn’t just theory—it’s insight from the frontlines of one of the biggest security events in the world.
Read Connor’s full blog here: Lessons from DEF CON 2025 – Operation Europa Crisis
We’re pleased to share that Periculo is again certified in IASME Cyber Assurance Levels 1 and 2.
This UK-based framework is designed to help organisations implement strong, measurable security across areas like risk management, access control, patching, and business continuity. Certification demonstrates not just technical security, but a holistic, well-governed approach to cybersecurity.
77% of ransomware attacks now involve data exfiltration before encryption.
Known as "double extortion," this tactic means even organisations with backups are vulnerable to having sensitive data leaked. Prevention and detection are just as important as recovery planning.
Set up alerts for changes to user privileges.
One of the first things an attacker will do is try to escalate access. Enable real-time alerts for admin rights changes and permission escalations to catch suspicious activity early.
Privilege Escalation
When a user or attacker gains higher-level access than intended, often by exploiting a vulnerability. This can allow unauthorised access to systems, data, or controls.
This month, we’ve continued to support digital health companies with:
ISO 27001 audit readiness and recertification
Penetration testing for NHS contracts
DSPT evidence reviews and 2025/26 planning
AI security and risk assessments aligned to NHS guidance
Need help with your audit or upcoming security review?
Whether you're building, scaling, or preparing for an audit, we’re here to help you move faster—without cutting corners.