The programme
08:30
Registration & Networking
Registration - Open from 8:30 am - Closes at 11:00 am
All delegates must complete their registration process before the 11:00 AM cut-off time. Please arrive in a timely manner to allow for registration and to avoid any inconvenience. Delegates who arrive after the registration deadline will be refused entry to the event.
We appreciate your cooperation in helping us maintain the event's schedule and ensuring that everyone can fully participate in the Conference. If you have any questions or require assistance, our event staff will be available to assist you with the registration process.
Thank you for your understanding, and we look forward to an insightful and productive event together!
09:30
Chair Opening Address (Confirmed)
Dr Avi Mehra
Associate Partner & Clinical Safety Officer
IBM
Chair Opening Address
Setting the tone for a skills-first day on cyber resilience.
09:40
Keynote Presentation - From Compliance to Resilience: Cyber Security as Patient Safety (Speaker TBC)
Session Overview:
This keynote will set the tone for the day, unpacking how the DHSC’s Cyber Security Strategy for Health and Social Care 2023–2030 and the NHS 10-Year Plan converge around a simple truth: digital safety is patient safety.
The session will outline the government’s trajectory towards cyber-resilient organisations by 2030, highlight why ransomware readiness is no longer optional, and explore how cyber underpins delivery of digital-first, integrated care.
10:00
Morning Skill Clinic - The Ransomware Dilemma: Payment Bans, Reporting, and Real-World Response
Barry Richardson
Head of Cyber Security and Information Security
NHS Blood and Transplant
Session Overview:
With government proposals to outlaw ransom payments across the public sector, NHS leaders face a critical shift in how they prepare for attacks. This panel brings together voices from NHS England, the NCSC, and provider trusts to explore the operational, legal and ethical implications. Expect candid debate on mandatory reporting, board duties, and how to run exercises that simulate “no-payment” decisions while still safeguarding critical services.
Pannelists:
- Carol Mitchell, Head of Corporate IG & DPO, NHS England (Invited)
- Andrew Wright, Joint Head of Cyber Security, Hillingdon & LNWH NHS Trusts (Provisionally Confirmed)
- Barry Richardson, Head of Cyber Security and Information Security, NHS Blood and Transplant (Confirmed)
10:50
Morning Break & Networking
Morning Break & Networking
11:50
Chair Morning Reflection (Confirmed)
Dr Avi Mehra
Associate Partner & Clinical Safety Officer
IBM
Chair Morning Reflection (Confirmed)
12:15
Case Study - IntaForensics
Case Study - IntaForensics
Turning forensic insights into prevention, detection and reporting capability.
12:35
Leadership Lessons from the Frontline - From Legacy to Literacy: Building Digital Confidence Across the NHS (Confirmed)
Barry Richardson
Head of Cyber Security and Information Security
NHS Blood and Transplant
Session Overview:
“Building Digital Confidence in Real Teams: Practical Tools for Cultural Change”
Clinic Focus Areas:
- Establishing psychological safety as the foundation for digital change
- A simple, repeatable way to map digital confidence within teams
- Understanding capability blockers: emotional, structural, leadership-based
- Leadership behaviours and language that empower rather than overwhelm
- A practical, 90-day uplift framework that can be applied locally without large-scale restructure
Practical Takeaways We Could Provide:
- Digital Confidence Diagnostic (quick team assessment tool).
- Confidence-to-Capability progression ladder visual.
- Leadership conversation scripts for building trust and agency.
- Micro-transformation roadmap template.
- Playbook of small, high-trust interventions that actually shift culture.
This would position your session as both visionary and executable, something people can feel and act on immediately.
Case Study - CrowdStrike
Applying advanced detection and IAM at NHS scale.
14:15
Chair Afternoon Address (Confirmed)
Dr Avi Mehra
Associate Partner & Clinical Safety Officer
IBM
Chair Afternoon Address (Confirmed)
Case Study - BlueFort
About us:
BlueFort is the UK’s only Full-Service Security Integrator, specialising in identity and cloud security. As the security team for security teams, we combine expert knowledge with cutting-edge technology to help organisations secure their digital identities and cloud environments while navigating the complexities of compliance and regulatory requirements(NCSC CAF, NIS2, ISO 27001, and GDPR to name a few). With a curated suite of tools, products, and skills, BlueFort partners with CISOs and Security Operations teams to consolidate, optimise, and transform their security landscape—ensuring seamless protection against evolving threats in an increasingly cloud-driven world.
14:40
Interactive Workshop - What Would a Hacker Do? Practical Cyber Habits for Everyday NHS Life (Confirmed)
Nasser Arif
Award Winning Cyber Security Manager
London Northwest Healthcare NHS Trust and The Hillingdon Hospitals NHS Foundation Trust
Session Overview:
This hands-on cyber workshop will take delegates inside the mindset of a cybercriminal, exploring the simple, everyday vulnerabilities that can lead to major incidents and how you can protect against them.
Focusing on social media awareness, personal device security, and internal skill-building, attendees will leave with tangible actions they can apply immediately to their own digital lives and teams.
Rather than discussing past incidents, this interactive session will empower staff to recognise risk patterns, identify internal cyber champions, and embed a culture of proactive security across their organisations and homes.
Case Study - Heimdal
Heimdal is a leading provider of AI-powered, unified cybersecurity solutions, trusted by healthcare organizations and NHS Trusts to safeguard critical systems and sensitive patient data.
With a proactive, integrated approach to cybersecurity, Heimdal enhances operational resilience, ensuring compliance with NHS and healthcare-specific security frameworks such as Cyber Essentials, NIS2, NIST, and the Cyber Assessment Framework (CAF). Our solutions help healthcare IT and security teams reduce alert fatigue, streamline SecOps, and prevent cyber threats before they impact patient care.
Our award-winning portfolio of 10+ fully integrated cybersecurity solutions secures the entire IT estate—from endpoints to networks, cloud environments to privileged access. Whether it's mitigating ransomware threats, preventing business email compromise (BEC), enforcing Zero Trust, or managing vulnerabilities, Heimdal provides a seamless and scalable security platform tailored to the unique challenges of healthcare cybersecurity.
By partnering with Heimdal, NHS Trusts and healthcare providers can strengthen their defenses, ensure compliance, and focus on delivering uninterrupted, high-quality patient care.
15:20
Afternoon Skill Clinic - Board-Level Cyber Governance: Turning Risk Appetite into Real Resilience (Confirmed)
Jessica Figueras
Director & Co-Founder
CxB - Cyber Governance for Boards
Session Overview:
Cyber risk is no longer just a technical issue — it is a strategic, operational and governance challenge that shapes the resilience of every NHS organisation. In this practical Skill Clinic, cyber governance specialists Jessica Figueras and Olu Odeniyi unpack what board-level cyber oversight should really look like in 2026.
Moving beyond “zero risk” slogans, this session will help NHS digital, cyber and executive leaders interpret cyber risk appetite, understand the trade-offs that influence decision-making, and build governance frameworks that turn policy into day-to-day organisational behaviour.
Using real-world NHS and wider public-sector examples, delegates will explore:
- How to define and communicate a meaningful cyber risk appetite.
- The difference between governance reality and governance theatre.
- How AI, automation and discovery tooling are changing board expectations.
- Practical approaches to reporting, escalation and cyber risk assurance.
- How to strengthen relations between CISOs, Boards, NEDs and clinical leaders.
Outcome:
Attendees leave with templates, discussion prompts and governance models that can be used immediately to strengthen board engagement, improve decision-making, and embed accountability across digital, clinical and corporate teams.
15:40
Panel Discussion - Shared Care, Shared Risk: Strengthening Cyber Resilience Across Health and Social Care (Speakers TBC)
Michelle Corrigan
Chief Executive Officer
Digital Care Hub
Session Overview:
As health and social care services continue to integrate, the security of shared systems and data has become increasingly critical. This session brings together leaders working across the care ecosystem to explore practical approaches to strengthening cyber resilience.
We will discuss lessons learned from recent cyber incidents, the shared impact of system outages, and the importance of consistent standards, clear communication, and collaboration between NHS organisations, local authorities and social care providers.
The panel will highlight what good looks like in real-world settings and how to build a culture of security that supports safe, joined-up care.
Pannelists:
- Michelle Corrigan, CEO, Digital Care Hub (Confirmed)
- Additional Digital Care Hub Representative (TBC) (Invited)
- NHS representative (TBC) (Invited)
- Industry representative (TBC) (Invited)
15:40
Afternoon Breakout Clinic - The Future of NHS Identity: Cryptography, Zero Trust & Secure Access by Design (Speaker Provisionally Confirmed)
Facilitator:
- Prof Bill Buchanan OBE FRSE – Professor of Applied Cryptography, Edinburgh Napier University (Provisionally Confirmed)
Session Overview:
Identity and Access Management (IAM) is rapidly becoming the backbone of NHS cyber resilience — yet most organisations are still operating with fragmented credential models, inconsistent access policies, and legacy authentication systems.
In this hands-on Skill Clinic, Professor Bill Buchanan OBE, one of the world’s most cited experts in applied cryptography and digital identity, will demystify the building blocks of modern IAM and outline what secure-by-design identity needs to look like across a connected NHS.
Using real-world demonstrations and practical frameworks, Bill will explore:
- What zero-trust really means in NHS settings.
- Cryptography foundations for strong identity (in plain English).
- Lessons from decentralised identity models and where they fit.
- How to redesign access governance for shared care, FDP, virtual wards and cloud-first estates.
- Common NHS vulnerabilities linked to identity — and how to mitigate them.
- What IAM readiness looks like for 2030 cyber maturity.
Outcome:
Delegates will leave with simple, actionable IAM principles, sample access control models, and a clearer understanding of how to uplift identity assurance without creating friction for clinicians.
16:10
Food, Drinks & Networking
Food, Drinks & Networking
