Spencer Private Hospitals %%transformed staff cyber awareness,%% here’s how

Spencer Private Hospitals is a private healthcare provider owned by the NHS in East Kent. As part of their commitment to delivering safe, secure care, the organisation recognised a growing need to address human cyber risk more directly, especially phishing, which remains one of the most common entry points for cyber threats in UK health care.

On the compliance side, Spencer Private Hospitals must meet the UK’s Data Security Protection Toolkit (DSPT), as well as prepare evidence for cyber insurance renewals. “We’ve got to provide assurance that everyone is aware of cybersecurity, UK GDPR, and information governance.”

That led to a search for a UK-based provider that could deliver both ease of use and strong information governance controls. After evaluating a number of vendors, Phishing Tackle stood out. “The demo was great. The system is really easy to use, the price was affordable, and the support, including onboarding and reporting, has been excellent.”

Over the last two years, Spencer Private Hospitals has integrated phishing simulations into their existing security workflow, replacing generic e-learning. The platform’s integration with Microsoft 365 and the addition of a “phish hook” reporting button have made it easier for staff to take action and for leadership to track results.

The reporting features have had a particularly strong impact. “We’ve recently done a deep dive into the reporting, and it really sold the message to the senior management team. It’s now a control on our risk register.”

Looking ahead, Spencer Private Hospitals plans to further leverage the platform for engagement and compliance, especially as they consider frameworks like Cyber Essentials.