The UK healthcare sector faces unique challenges at the intersection of patient care, digital transformation, and regulatory compliance. Hospitals and NHS trusts manage sensitive patient data, interconnected medical systems, and complex operational processes, making cyber security and information governance critical for safety, compliance, and service continuity. The following CISOs and healthcare technology leaders are shaping how UK hospitals manage cyber risk, digital strategy, and secure transformation.
Paul Merison — Head of Information Security and Risk, Guy’s and St Thomas’ NHS Foundation Trust
Paul Merison is a highly qualified information security professional with over 28 years of specialist experience in information security and digital technology audit. He has successfully managed complex digital projects, including cyber security and infrastructure improvements, disaster recovery, and systems implementation. Merison is adept at identifying and mitigating digital technology risks and communicating them to all levels of management, ensuring that risk management aligns with organisational objectives.
Ronnie Skillen — Information Security Officer, University College London Hospitals NHS Foundation Trust
Ronnie Skillen is a senior NHS ICT Manager and Information Security Officer at UCLH NHS Foundation Trust, with decades of experience across multiple ICT roles. Skilled in service improvement, risk management, and information security, he holds an (ISC)² CISSP Associate certification and is an ITIL practitioner. Prior to UCLH, Skillen directed an IT training company serving the voluntary sector, reflecting his broad experience in ICT and security operations.
Kathy Lanceley — Chief Information Security Officer, Imperial College Healthcare NHS Trust
Kathy Lanceley serves as CISO at Imperial College Healthcare NHS Trust and is currently drafting the Cyber Security Strategy for North West London ICB. With nearly two decades of experience in NHS leadership, including roles as Deputy CIO and Joint IT Director, Lanceley focuses on aligning cyber security strategy with organisational priorities and supporting digital transformation initiatives. Her work spans both trust-level operations and regional NHS strategy.
Kathryn Kaboutian — Deputy Chief Digital Information Officer, North Bristol NHS Trust & University Hospitals Bristol and Weston NHS Foundation Trust
Kathryn Kaboutian has extensive experience leading cross-functional public sector teams and developing comprehensive digital strategies. She has successfully delivered multimillion-pound digital transformation projects with a cloud-first focus. Kaboutian emphasises efficiency, agile culture, and mentoring rising talent, driving innovation and business outcomes across complex NHS environments.
Andy Callow — Chief Digital and Transformation Officer, Nottingham University Hospitals NHS Trust
Andy Callow is an Executive Director on the Trust Board, leading digital and information transformation at Nottingham University Hospitals NHS Trust. Since April 2024, he has expanded his remit to include the Trust’s Improvement and Transformation strategy, overseeing technology-driven enhancements to patient care, operational efficiency, and organisational performance.
Ilias Khalifa — Cyber Security Lead, University Hospitals of Northamptonshire NHS Group
Ilias Khalifa is Cyber Security Lead at University Hospitals of Northamptonshire NHS Group, bringing a background in enterprise infrastructure, ICT management, and healthcare information technology. With over 15 years of experience in ICT and security roles across NHS trusts and educational institutions, Khalifa focuses on securing hospital networks, systems, and patient data while managing teams and implementing resilient IT practices.
Driving Secure Digital Transformation in UK Healthcare
These leaders exemplify how cyber security, digital strategy, and information governance intersect with patient care and operational excellence. Their work ensures that UK hospitals and healthcare organisations can safely adopt innovative technologies, protect sensitive data, and maintain resilience in an increasingly complex digital healthcare environment.