In May 2017, the WannaCry ransomware attack infected computers and connected devices, resulting in cancelled appointments and procedures across the country. This event shone a spotlight on the need for robust cyber resilience across the healthcare sector and wider supply chain. The incident triggered new processes, investment in technology, and training to secure one of the nation's most prized assets.
Konica Minolta Business Solutions (UK) Ltd has a wealth of experience working closely with NHS trusts and organisations serving the sector, with solutions for printing, processes, and protection. Two of our team were delighted to be invited by the University of Bedfordshire to share their expertise with students on the University’s MBA in Hospital and Health Service Management course.
The Session
Leigh Jolly, Change and Information Security Lead, and Richard Halstead, Business Leader Healthcare & Major Accounts, gave a real‑world perspective on the challenges and responsibilities facing healthcare organisations today in a session entitled ‘Information Security in the Healthcare Sector’.
Leigh opened the session by grounding students in the fundamentals of information security and why it is so critical in a healthcare environment. With technology now embedded in every aspect of patient care - from electronic health records to diagnostic systems - cyber resilience is directly linked to patient safety, service continuity, and public trust.
She introduced the core principles of information security: confidentiality, integrity, and availability. Leigh explained how each principle plays a vital role in ensuring that sensitive patient data is protected, systems remain accurate and reliable, and essential services stay operational. Cybersecurity is not just an IT problem. When any of these principles fail, the consequences can be severe, affecting everything from clinical workflows to patient health and outcomes.
The evolving threat landscape
Students were then taken through the most common types of cyber-attacks affecting healthcare organisations today. Phishing, ransomware, malware, DDoS attacks, password breaches, insider threats, and social engineering all pose significant risks. Leigh also discussed the different types of threat actors, from opportunistic criminals to highly organised groups and nation-state-sponsored gangs, highlighting that healthcare remains one of the most targeted sectors due to the value of its data and the critical nature of its services.
Drawing on real‑world examples, Leigh explored what happens when cyber defences fail. She explained how system outages, data breaches, and operational disruption can cascade through a hospital or Trust, affecting everything from appointment scheduling to emergency care. These scenarios helped students understand the importance of proactive security, not just a reactive response.
The three pillars of cybersecurity
A key theme of the presentation was that cybersecurity is not just a technology issue. Leigh outlined the three pillars that underpin effective security in healthcare:
- People - training, awareness, authorisation, and physical security
- Process - governance frameworks, policies, procedures, and audits
- Technology - technical controls, and security testing
She stressed that true resilience comes from balancing all three. Even the best technology cannot compensate for weak processes or untrained staff.
Standards, frameworks, and the NHS approach
Leigh also introduced students to the common security standards and frameworks used across the sector, including Cyber Essentials Plus, ISO/IEC 27001) before walking through the NHS’s layered approach to cybersecurity and assurance, which includes controls such as the NHS Data Security and Protection Toolkit (DSPT), Digital Technology Assessment Criteria (DTAC) and the new NHS Supplier Cyber Security Charter. This gave students a clear understanding of how healthcare organisations structure their defences and measure their effectiveness.
The session concluded with an overview of common technical controls and solutions, and the concept of “defence in depth”- the idea that multiple layers of security are needed to protect systems effectively. Leigh explained how these controls are selected based on risk, threat level, and budget, and why securing the supply chain is just as important as securing internal systems.
A valuable learning experience
The presentation ended with an open discussion, where students explored topics such as password hygiene, AI’s role in cybersecurity, and how to learn more about cybersecurity. Leigh’s practical insights, combined with her experience across IT, project delivery, and cybersecurity leadership, gave students a rare opportunity to connect theory with real‑world practice.
It was clear from the feedback that the session made a lasting impact. As Dr. Emma Buick, Course Leader for MBA (Hospital & Health Service Management), from the University of Bedfordshire, shared afterwards:
“That was fantastic – the students are talking about it and are really buzzing. I’ve since had a couple of emails from students to say how much they enjoyed it, so thank you again!”
Konica Minolta is proud to support the next generation of healthcare leaders, and we look forward to continuing our collaboration with the University of Bedfordshire as students prepare to shape the future of digital healthcare.