SECURITY
planning and operations, with regular security assessments focused specifically on building management and energy systems.
Budget constraints are inevitable, but
the case for investment is strengthening. The per-minute cost of hospital downtime, coupled with growing evidence of attacks on healthcare infrastructure, provides concrete economic justification. Our research indicates proper energy and asset management can reduce energy bills by 20 per cent and cut operational costs by up to 30 per cent –savings that help to offset security investments while delivering sustainability benefits. Procurement processes must incorporate security criteria from the outset rather than accepting lowest initial costs that create long-term security and operational risks.
Smart connectivity.
Safeguarding power continuity Cybersecure circuit breaking technology represents an evolution in how we think about electrical protection. Traditional circuit breakers detect fault conditions and physically interrupt current flow. Modern intelligent circuit breakers now incorporate digital controls, communication capabilities, and remote management features that provide tremendous operational benefits – but also introduce the risk of hackers intentionally breaking circuits remotely.
Nigel Thomas
Nigel Thomas is national specification and projects sales manager at ABB Electrification – a leader in electrical distribution and control solutions. For the last 17 years, he has been responsible for specification, and now sales, across ABB’s UK infrastructure, building services and data centre projects. He focuses on building management and energy systems, lighting solutions, and medium- and low-voltage switchgear, and shaping the future of Net Zero through the specification of adaptive and people- centric smart buildings.
Carrying the shield for you Cloud-based platforms can provide superior security compared to on-premises systems. They benefit from continuous security monitoring, rapid patching, and security expertise that individual hospitals struggle to maintain. Unlike on-premises systems that need scheduled site visits for updates, cloud services adapt continuously to emerging threats. Physical security remains vital: control panels must be located in secure areas with restricted access, default passwords changed, and unnecessary physical interfaces disabled. Remote racking devices allow operators to control circuit breakers from safe distances. Open protocol platforms like KNX enhance rather
than undermine security. They prevent the vendor lock-in that creates long-term security risks, allowing hospitals to incrementally select and install components based on security credentials, and maintain their flexibility. This approach facilitates integration with new security tools without putting wards into downtime.
The operational reality Legacy system integration poses the most common difficulty. Few hospitals can design security into entirely new infrastructure; instead, they must retrofit security into mixed environments with decades-old equipment alongside new smart sensors. The solution lies in phased approaches that prioritise
systems that need immediate attention, like operating theatre environmental controls, intensive care unit power supplies, and emergency backup systems. Gateway devices and network segmentation create security boundaries even when legacy equipment lacks modern security features. Skills gaps require collaboration between estates management, IT security teams, and external specialists. Cross-functional working groups should address both
60 Health Estate Journal April 2026
Policy, standards, and regulatory evolution NHS England’s EPRR guidance requires business continuity during disruptive incidents, but historically focuses on physical resilience rather than cyber-physical threats. Recent power failures at Forth Valley Royal Hospital (70-minute battery reliance after backup generator failure) and Queen Alexandra Hospital (forced procedure cancellations and Emergency Department closure) demonstrate vulnerabilities even in high-quality infrastructure. The IEC 62443 standards provide comprehensive guidance for industrial automation and control systems security, but adoption in healthcare estates management lags behind other critical infrastructure sectors. Regulatory bodies should mandate cybersecurity standards for building management and energy systems, including security certifications for major equipment, regular audits, and incident reporting obligations. Information sharing remains underdeveloped.
Unlike finance and telecommunications, healthcare facilities lack established mechanisms for sharing threat intelligence. Forums for sharing information about threats, vulnerabilities, and countermeasures would benefit the entire sector.
The path forward Cybersecurity and smart energy management are not opposing forces. Security must be embedded in innovation from the earliest planning stages. Effective cybersecurity demands continuous attention: regular security assessments, prompt updates, monitoring for unusual patterns, periodic testing of backup procedures, and ongoing staff training. Estates departments and IT security teams must break down operational silos and collaborate effectively. The upgrade paradox calls for thoughtful, not slower, innovation. The technologies already exist and are proven. What is required is the collective will to implement these security measures as standard practice. As hospitals upgrade to meet challenges of an ageing population and climate change, every watt of smarter energy management must be matched by robust cybersecurity protection. For the millions of elderly patients who will depend on hospital care in the coming decades, ensuring buildings are both technologically advanced and fundamentally secure is our highest priority.
AdobeStock / ipopba
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68
