September has been full of progress, both for our business and our team. From strengthening our presence in the HealthTech community to celebrating big personal achievements and refining Harpe with new updates, it’s been a month of growth and momentum.
Here’s a look at what’s been happening at Periculo.
We’re excited to share that Periculo is now a member of the Association of British HealthTech Industries (ABHI), the UK’s leading industry association for HealthTech.
ABHI represents over 400 members across the sector, ranging from global companies to innovative SMEs, accounting for around 80% of the industry by value. The association plays a vital role in shaping policy, engaging with government and the NHS, and fostering collaboration to advance HealthTech innovation in the UK and internationally.
Becoming a member reflects our commitment to supporting the wider HealthTech community and ensuring cybersecurity remains a key part of the conversation as the sector continues to grow.
With the DSPT portal now open for 2025/26 submissions, we’re actively supporting clients in early planning to maintain audit readiness and reduce compliance stress. Alongside this, we are also refining our service process to ensure a smooth audit process.
It hasn’t just been a busy month in the office—our team has also been pushing boundaries outside of work.
Harrison, our founder, completed his very first IronMan in Wales, an incredible achievement.
Meanwhile, Craig and Connor both took on their first Marathons, running the Bristol to Bath Trail Marathon.
We’re proud of the team for setting ambitious goals and seeing them through.
We’re pleased to share that Periculo is progressing toward submission for CHECK accreditation, the UK government’s assurance scheme for penetration testing.
Building on our CREST-accredited expertise, achieving CHECK status will allow us to support clients in other regulated sectors such as defence and government supply chains, with accredited penetration testing to the highest NCSC standards. We look forward to further strengthening our trusted, compliant, and specialist security services as we move through the submission process.
We continually monitor industry trends and critical developments in digital health and cybersecurity. This month, our Security Wiki features the latest Cyber Essentials updates, offering actionable insights to help you strengthen compliance and safeguard your organisation.
Our latest update to Harpe, v1.3.14, focuses on fixing bugs and improving clarity across the platform. These enhancements are part of our ongoing commitment to keeping Harpe stable, intuitive, and reliable for all users.
PDF Documents – Resolved a loading issue so PDFs now open consistently.
Attachments in Attack Surface Scanning – Users can once again add attachments without error.
ISMS Meeting Minutes – Fixed an issue preventing minutes from opening.
Incident Attachments – Attachments can now be uploaded successfully to incident reports.
Attack Surface – Domain Addition – Adding new domains now works smoothly.
User Offboarding – Fixed an error that affected user offboarding, improving access management.
Clearer Wording for Harpe Brain – We’ve refined the language across Harpe Brain to reduce ambiguity and make it easier to understand how to get the most value from the feature.
We’re hiring. If you know someone who’d be a great fit, please share our Operations & Service Delivery Manager role:
Almost 70% of healthcare organisations experienced third-party vendor breaches in the past year.
Supply chains remain a critical weak spot, with compromised software providers and contractors often serving as the entry point for attackers.
How Periculo helps: we assess supplier risk, run penetration testing, and use Harpe to track compliance evidence, keeping your organisation and its partners audit-ready and secure.
Security Tip of the Month
Review and manage third-party access
In 2024, over a third of data breaches were linked to vulnerabilities in third-party organisations, including vendors, suppliers, and software providers. Unmanaged access from external partners exposes critical systems and sensitive data to unnecessary risk.
Schedule regular reviews of vendor, contractor, and service provider permissions. Remove unnecessary access rights and enforce the principle of least privilege, minimising supply chain risk and strengthening your overall security posture.
Zero-Day Vulnerability
A flaw in software or hardware that is unknown to the vendor and has no available fix. Attackers often exploit zero-days before organisations are aware of the risk.
Thank you for catching up with us this month. If you’d like to stay ahead with the latest updates, insights, and security tips, don’t forget to subscribe to our newsletter and be part of the growing Periculo community.