Clinisys customer summit 2025: navigating a new policy, pathology, and security landscape
Almost 400 UK pathology leaders gathered at the revamped Belfry hotel for CCSUK25, where the over-arching theme was how organisations can defend themselves from security threats and recover fast if hackers get through.
“I remember in the early 1990s, when we did our first user group meeting, we had 20 people including Clinisys staff,” mused Simon Hurst, Vice President, Strategic Growth UK&I, at the start of this year’s Clinisys Customer Summit.
“We had one row of people, and an overhead projector, with acetates, and a badly put-together flip chart from the office.” Well, it’s certainly not like that anymore. CCSUK25 was attended by more than 380 pathology leaders from across the UK. And it took place in the ballroom of the Masters Suite at the Belfry, which has just opened after a £2 million building project to create a state-of-the-art conference, exhibition, and spa. “Wow,” as Simon put it.
The only constant is change
The customer summit is not the only thing that has changed. In recent years, Clinisys has become a global company, with a suite of laboratory information systems that serve healthcare, scientific, and genomics labs.
In England, its technology has played a critical role in the development of pathology networks, as recommended in two reports by Lord Carter of Coles, and backed by NHS England.
It is continuing to deploy its Clinisys WinPath laboratory information system to networks that want to improve the efficiency and quality of their labs, while in Northern Ireland it has just completed the first national LIS roll-out.
At the same time, Clinisys has been investing in its order communications system, ICE, so it can support results reporting across networks and regions. Now, it is looking to layer in innovation, including AI and automation, to support the next round of healthcare policy and pathology development.
Simon highlighted the publication of the 10 Year Health Plan in July. He argued Clinisys is well-placed to support the shift from hospital to community, by facilitating testing in new settings, and the shift from prevention to treatment, with its data analytics and genomics LIS.
He also highlighted a new review of pathology services from Lord Patrick Carter commissioned by the Institute of Biomedical Science and partners. “The review will baseline services for the decade ahead, so we are keen to contribute from our unique, digital perspective,” he said.
The long shadow of the South London attack
Less positively, the threat landscape has also been transformed. Just this year, there have been huge attacks on the Co-op, Marks and Spencer, and Jaguar Land Rover, while in the NHS, the ransomware attack on pathology services in South London continues to send shock waves across the system.
As recorded by official NHS reports, in June 2024, a lab serving three NHS trusts and GP practices in the capital was hit by the Russian cybercrime group Qilin, which locked its computer systems and demanded a $50 million ransom to release them.
“More than 10,000 appointments were cancelled and 1,700 procedures postponed,” Catherine Jackson, clinical informatics manager for cyber operations at NHS England, told the summit. “More O blood had to be used, which meant there was a shortage. So, these events have a long tail.”
Tackling the cyber security challenge
Against this background, cyber security was the focus of most of the first day of CCSUK2025. Jacques Le Roux, Chief Information Officer, shared how Clinisys protects its people, partners and products through a culture of continuous improvement.
It adheres to internationally recognised frameworks and standards, providing multiple layers of defence – and, importantly, those defences are continuously tested to ensure controls are working effectively. Testing also extends to employees, with regular phishing simulations designed to maintain awareness and readiness. “More or less all of our employees get at least one phishing test per week,” he said, “which can lead to some interesting conversations.”
Vendors and technology partners that want to work with Clinisys must go through a risk assessment process and adhere to its standards. Security is also built into every product, with ‘security champions’ embedded in development teams to identify and fix vulnerabilities early, ensuring each release is more secure than the last.
“Cybersecurity is a shared responsibility,” Jacques said. “We continue to invest heavily on security, and so, I urge you to run the latest version of the software, because that is how you can benefit from that investment.”
Plan – and practise – for when everything is gone
Ed Tucker, chief information and security officer at Telefonica Tech, said there are plenty more things that organisations can do to defend themselves. They can segment their networks to stop malware spreading, install good defences, and monitor for anomalies.
They can control who has access to their systems, make sure employees set strong passwords (don’t use the same password all the time, don’t use any password that is ‘password’ with a capital P at the front and an exclamation mark or number at the end).
They can implement the kind of multi-factor authentication that is now common on banking and booking apps. But at the end of the day, hackers only need to get lucky once.
And then organisations need a pathway to recovery. The first thing they need to decide is what recovery looks like. “If everything is gone, what are you going to restore to? What is your minimum viable business? What do you need to keep afloat?”
Having done that, Tucker added, organisations need to work out what interfaces with those systems, and what connectivity and devices they will need to work. “There’s a lot more to getting up and running again than Mark 1 – pen – and Mark 2 – paper.”
Four generations, four cyber challenges and responses
In her presentation, Catherine Jackson gave some examples from pathology. If part of the business continuity plan is to switch work to another lab, does it use the same blood sample bottles, and can transport get them over in time?
If information is being recorded on pen and paper, how is it going to be transferred to the electronic patient record? Do staff even know how to work on pen and paper? “Staff coming through are born digital,” she said. “So, if the system isn’t there at 3am – because hackers don’t work office hours – does the nurse on the ward know what to do?”
Chris Sleight, who has just retired as chief officer of the Greater Manchester Diagnostics Network, expanded on this point. In a new version of his popular presentation on generational shifts in the workforce, he said cyber security vulnerabilities and responses vary by generation.
Boomers (the immediate post-war generation) “are more trusting and often use the same passwords,” he said. Gen X (born in the mid ‘60s to ‘80s) “are better, because they’ve seen the development of online,” although they can get sloppy with the basics, like patching.
Millennials (who came of age in the 2000s) and Gen Z are “more vulnerable” because they have a lot of devices and can be susceptible to social engineering, while Alphas (today’s teenagers) “will click on anything.”
Each group will need different forms of security training and have a different role to play in business continuity. Boomers and Gen Xers will have the “deep knowledge” of processes that is needed to underpin plans; younger workers will have the frontline experience necessary to stress-test them.
Lessons from Northern Ireland’s big LIS roll-out
Vigilance of another kind was the theme of another presentation, by Denise Cook, chief of quality, governance, leadership and development at Berkshire and Surrey Pathology Services.
She spoke about the shocking case of David Fuller, an electrician convicted in 2021 of two murders and of abusing the bodies of more than 100 women and children at two hospitals over 12 years. An inquiry criticised staff for a lack of “professional curiosity” and for “over-familiar relationships” that led standards to slip.
Cook argued pathologists must practise the “skill” of professional curiosity, however hard it is to learn and uncomfortable to practise, so they can act on their instincts if something feels amiss.
This also posed a question about how professional curiosity can be applied to IT behaviours and our increasing interaction with e-mail, Teams and other channels.
Testing of a different kind was on the minds of Melissa Cochrane, Head of Programme Delivery at the Business Services Organisation (BSO) and Karin Jackson, Chief Executive of the Northern Ireland Blood Transfusion Service.
They explained that national deployment of Clinisys WinPath was part of a broader modernisation of pathology services and of IT systems. Melissa said that with a new patient identifier, imaging system, and electronic patient record coming on stream “there were more than 70 interfaces to test.”
Despite the complexities, Clinisys went live in Belfast and South Eastern trusts in 2023 and was live at all five health and social care trusts and the NIBTS by this spring. Now, the foundations have been laid for further developments, including blood production and tracking. “It is quite an ambitious plan,” Jackson said of a project that will be Europe’s first ‘vein-to-vein’ management system, “but we think we will get there in the next few years.”
The latest innovation is available now
The HSCNI CoreLIMS presentation highlighted the critical role that testing plays in any go-live, and Clinisys is well aware that user acceptance testing is difficult for laboratories operating under huge staff, time, and resource constraints. Because of this, it has formed a partnership with Cymetryc, and Jennifer Lyle, chief innovation officer, flew in all the way from Phoenix, Arizona, to explain how it can help.
Cymetryc supports the creation of test scripts and massively improves communication between testers, reviewers and project managers, who have dashboards to show what is happening and keep projects on track.
Other partners told the second day of the summit how innovation can be applied along the pathology pathway. Amanda Wells, head of the Royal College of Radiologists’ iRefer guidelines, headed a session on the integrated clinical decision support solutions, which put national and local guidelines into the hands of clinicians at the point of ordering a test.
Gemma Quinney, digital health solutions executive at Abbott, talked about how AI can support smarter sample processing. Gagan Mann, customer success manager at G2 Speech, explained how their technology can speech-enable Clinisys WinPath, so users have hands-free navigation and, thanks to AI again, streamlined reporting.
Also on day two, delegates broke into streams to discuss the application of IT within pathology’s key disciplines of blood sciences, microbiology, cellular pathology, and blood transfusion, and, of course, what’s hot and what’s coming next for Clinisys WinPath and ICE.
Noman Manzoor, Laboratory Director at Great Western Hospitals NHS Foundation Trust, emphasized the importance of strategic alignment among pathology services before deploying a new Laboratory Information System (LIS) across NHS trusts, highlighting collaboration, standardization and stakeholder engagement as key success factors.
Returning to the theme of how important it is to involve users in plans, Maria Asperilla, business change lead for Kent and Medway Pathology Network, outlined how it engaged GPs to deliver a successful roll-out of ICE as part of a bigger project to create a single pathology platform for its network.
Making the most of Clinisys investment
With so much going on, however, cyber security will only become more essential. And Simon Hurst assured CCSUK2025 that it will continue to be a focus. “At Clinisys, we will continuously harden the code we write and enhance our products to provide you with safe software,” he said.
“We will also look at how we prepare for attacks, because we have seen over the past few months that attacks will happen and some will get through. Hopefully, this year’s summit has given you lots of ideas for what to do in that scenario.”
