Case study:
South London &
Maudsley NHS


South London and Maudsley NHS Foundation Trust (SLaM) provides the widest range of NHS mental health services in the UK and aims to be a leader in improving health and wellbeing – locally, nationally and globally. Serving a local population of 1.3 million people across Lambeth, Southwark, Lewisham and Croydon, as well as specialist services for children and adults across the UK and beyond, SLaM each year provides inpatient care for over 5,000 people and treats more than 40,000 patients in the community.

The challenge

As a provider of mental health services, patient confidentiality is a founding principle. SLaM’s CTO, Stuart Maclellan, is unequivocal about the priority: “Providing assurance and governance in securing and protecting our data is of the utmost importance.”

In 2016, against a backdrop of increasing cyber attacks in the sector, SLaM made significant investments in best-in-class anti-malware, intrusion prevention, and web and email security technologies. Longwall was initially engaged to provide the specialist skills needed to deliver a best practice implementation, upskill and develop the internal teams and fully deploy best practices across the estate, ensuring a rapid return on that investment.

This foresight was a major factor in protecting SLaM from the 2017 WannaCry outbreak which, at the time, led to significant disruption in more than a third of trusts in England. However, Maclellan recognised that there remained a gap in visibility of network activity across SLaM’s estate. He also acknowledged that his team lacked both the capacity and specialist skills to prevent, detect or respond to more sophisticated threats.

The solution

Following an extended proof-of-concept of their protective monitoring capability, SLaM adopted Longwall’s full Managed Security service, including Managed Detection & Response, Managed Risk & Exposure, and Managed Strategy & Resilience.

Longwall’s engagement starts with a comprehensive security assessment to establish the organisation’s current state security posture and to build a roadmap of strategic improvement initiatives leading to a desired future state.

Implementation of vendor agnostic threat monitoring and a full vulnerability management programme brought clear visibility of threats and exposures across SLaM’s estate and supply chain. A Security Manager was then appointed to take in-house ownership of SLaM’s cyber security strategy and to work with Longwall’s nominated consultant to coordinate roadmap and remediation efforts.


Within 3 years, SLaM has achieved a significant level of cyber security maturity compared to many of its peers. Visibility of network activity and exposures, both internally and within SLaM’s supply chain, has been a major win for the Trust, enabling a risk-focused approach to prioritise remediation efforts within available resource capacity. This leads to better-informed decision-making and ensures that valuable in-house Digital resources can be balanced appropriately between security and business process performance.

In blind penetration testing and through an incident within its supply chain, SLaM, has been able to demonstrate its capability to rapidly detect and respond to new cyber threats and show tangible return on its investment and assurance to the Trust Board.

“We are proud of the fact that SLaM was one of the first NHS Trusts to have a protective monitoring solution and we simply could not have achieved this without our partnership with Longwall. They have given us the tools as well as the strategic advice to ensure we’re continually improving our defences and securing our systems, services, and data.”