01 May 2025
by Chris Parker MBE

3 top tips for Healthcare Cyber Teams for a safer 2025

Guest blog by Chris Parker MBE, Director Government Strategy, Fortinet UK

In an increasingly digitised NHS, where data is not just important, access to it can mean the difference between life and death, NHS England is right to call out Cyber Security as a ‘foundational business need’. Fortinet has a significant install base across the NHS with over two thirds of primary and secondary care organisations having made investments in Fortinet technology and services. This blog aims to focus on offering some top tips from ‘observed best practice’ from hard-working NHS teams who ensure cybersecurity and safety for their patients, staff, devices and data. 
Fortinet offer 3 ‘top tips’ that NHS cybersecurity and network teams might use to enhance their success in the coming year. These are:

  1.     Turn the NHS strategy into operational action.
  2.     Embrace the CAF toolkit from UK Government.
  3.     Adapt to operating in today’s ‘constant threat environment’.  

Let us look at these in turn to help share some good best practice seen recently:

Turn NHS strategy into action

The DHSC & NHS England Strategy to 2030 was lauded as a solid foundation for NHS success. Fortinet has assisted many levels in the NHS and is soon to publish more thoughts on turning a healthcare strategy into action. As a first step we suggest drafting a sub-plan for each of the 5 Pillars in the strategy with the tasks and resources needed for them to be supported. At that stage speaking to third party suppliers like Fortinet will then identify the resources and timeline which allows a roadmap to form. As an added tip, using staff training as an easy and early, low-cost win. Fortinet Training is free to all customers and globally acknowledged as a ‘knowledge booster’ to a workforce. A good roadmap for turning ‘Strategy into Action’ will help guide confidence and resource allocation against a realistic timeframe.     

Embrace the CAF toolkit from UK Government

The Cyber Assessment Framework (CAF) has been developed by UK NCSC to provide a detailed approach by which organisations can assess their estate for readiness in preventing, detecting, and minimising the impact of Cyber-related events on UK organisations. It has been decided to be implemented across the NHS to unify cybersecurity self-assessment quality. Whilst all change is challenging, our tip is to embrace CAF early via staff education and practice sessions. Fortinet has helped this on a successful webinar in Spring 2025 as CAF can help teams as a toolkit to support resource allocation and planning by use of the 4 CAF principles. In time this will become the language used and help users and suppliers identify needs and reduce risks. 

Adapt to operating in today’s ‘constant threat environment’

Previously, we have all been used to detecting and defending against a set of potential cyber threats. The new 2025 Global Threat Landscape Report by Fortinet has highlighted that from now we will all be operating in a new, more dangerous era of a ‘constant threat environment’. AI can be used to increase the complexity and scale in attacking Healthcare users. Accordingly, teams must now pivot to ensure they are resourced and prepared for this next era of higher tempo risk. The 3rd top tip is to allocate a staff lead on threat awareness and always do regular 2 minute staff updates, short and sharp on team meetings. Further value is in case studies from discussions with suppliers like Fortinet who can offer high value, high grade, AI-driven, automated cybersecurity to safely enable 24/7 healthcare provision. 

In summary, these are just 3 ways as ‘top tips’ based on best practice seen live in UK by Fortinet, offered here to help the hard working, operational NHS cyber staff teams. Sharing best practice is part of the Fortinet philosophy and supports our positive recognition of all those delivering secure healthcare today in the UK.  

Authors

Chris Parker MBE

Chris Parker MBE

Director Government, Fortinet