What did the NHS learn after a cyberattack killed a patient?

刊登時間

In 2025, King's College Hospital NHS Foundation Trust confirmed that the death of one patient had been partly linked to a delayed blood test result caused by the cyberattack.

It was the first officially acknowledged case in the United Kingdom in which a ransomware attack was associated with a patient's death.

Within the NHS, cybersecurity is no longer viewed solely as an IT responsibility but as an integral component of clinical risk management.

The objective is not merely to prevent attacks but to ensure hospitals can continue delivering care during an incident and recover normal operations as quickly as possible afterward.

A single integrated digital platform reduces complexity, improves visibility across the IT estate and significantly lowers cyber risk.

Protecting one enterprise-wide system is considerably easier than securing dozens of disconnected applications maintained independently across multiple departments.

As healthcare organizations increasingly adopt artificial intelligence and cloud-based services, they must understand exactly who has access to patient information, where that data is processed, and how it may ultimately be used.

The concern extends beyond cybersecurity. Many AI developers require access to electronic health record data to train their models.

Hospitals, therefore, need complete transparency regarding where patient information travels and what legal and technical safeguards protect it once it leaves their own infrastructure.

【MORE】
資料出處: ICT&health