Prescription For Security: How Clatterbridge Cancer Centre Secures Healthcare with Rapid7

The Clatterbridge Cancer Centre is one of the UK's leading cancer centers providing highly specialized cancer care to more than 2.4 million people in Northwest England. The Centre operates a unique multi-site care model consisting of three main sites, four systemic therapy sites, and 15 outpatient centers. In addition, Clatterbridge provides chemotherapy in the home and workplace, ensuring accessible treatment for patients. As one of the largest NHS providers of non-surgical cancer treatment, Clatterbridge functions as a tertiary cancer center, treating patients referred from other hospitals.

At Clatterbridge, cybersecurity isn't just an IT concern—it's a patient care imperative. As a leading specialist cancer treatment provider, Clatterbridge is responsible for protecting vast amounts of sensitive patient data. With a growing number of cyber threats targeting the healthcare sector, securing this data is non-negotiable. Richard Pilkington, IT Security Manager, and Andy Kilbane, Digital Systems Security Specialist are two professionals dedicated to fortifying Clatterbridge's security posture while balancing the operational realities of a busy hospital.

"Cybersecurity in healthcare is about more than just compliance. It's about ensuring that patient data stays protected so clinicians can focus on saving lives," says Pilkington.

The Diagnosis: A Need for Visibility and Compliance

Clatterbridge, along with 28 other NHS trusts and six local councils in the Cheshire and Merseyside region, needed a cybersecurity solution that provided enhanced visibility, streamlined reporting, and met stringent compliance requirements like ISO 27001 and the Data Security and Protection Toolkit (DSPT).

Previously, their IT team struggled with multiple security tools and disjointed data sources, making it difficult to quickly detect and respond to threats.

The Treatment Plan: Rapid7 InsightIDR in Action

After evaluating several SIEM solutions, Clatterbridge selected Rapid7 InsightIDR for its ease of use, powerful alerting capabilities, and ability to aggregate security data into a single pane of glass.

"From out-of-the-box deployment to monitoring critical systems, it took less than two days to get up and running," explains Kilbane. "The documentation was brilliant, and it was super easy to implement."

With InsightIDR, Clatterbridge gained:

• Comprehensive Alerting: Early warnings on security anomalies, particularly in Active Directory.
• Streamlined Compliance Reporting: Automatic logs and dashboards simplified DSPT and ISO 27001 audits.
• Time-Saving Automation: No more manually combing through disparate logs—critical alerts come straight to the security team.

From Data Overload to Strategic Security

One of the standout benefits of Rapid7 InsightIDR has been it's ability to cut through noise and surface only the most critical threats.

This newfound clarity paid off recently when InsightIDR flagged an unusual spike in account reactivations. Further investigation revealed a staff member was bypassing protocol. "Without Rapid7, we wouldn't have caught it," Pilkington states. "That information gave us the chance to act before it became a serious issue."

Setting the Standard for Regional Security

Beyond securing its own network, Clatterbridge is taking a leadership role in regional cybersecurity efforts. With plans to establish a local Security Operations Center (SOC) for all 35 organizations in Cheshire and Merseyside, they envision a future where threats are detected and mitigated at scale.

"Our goal is to provide 24/7 security monitoring across the region," Pilkington explains. "We want an early warning system so that if an attack happens at one trust, we can immediately alert others before it spreads."

The Prognosis: A Secure Future with Rapid7

With Rapid7 in place, Clatterbridge is not only meeting compliance requirements but also setting a gold standard for NHS cybersecurity.

As cyber threats continue to evolve, Clatterbridge is staying ahead of the curve. With InsightIDR providing continuous visibility and intelligent threat detection, the team can focus on what matters most: delivering world-class cancer care with confidence.

"Cybersecurity isn't just an IT function—it's patient care," concludes Pilkington. "Rapid7 helps us protect what matters most."

Rapid7 is here for that.