A single data scientist manually vetting every open source package created a security bottleneck that blocked the entire organization from Python adoption in a regulated NHS environment.
Anaconda Platform’s curated, governed package repository satisfied NHS cybersecurity requirements, eliminating manual vetting and enabling scalable Python access across teams.
Doncaster and Bassetlaw Teaching Hospitals (DBTH) NHS Foundation Trust is one of Yorkshire’s leading acute trusts, caring for more than 440,000 people across South Yorkshire, North Nottinghamshire, and surrounding areas. Operating three main hospital sites and serving as a designated teaching hospital, DBTH combines patient care excellence with a commitment to advancing healthcare through research, innovation, and digital transformation.
When Simon Newey joined the trust as their first data scientist, he was given a clear mandate: build a data science function that could transform how the trust uses data to improve patient care and operational efficiency. Newey quickly faced a challenge familiar to many healthcare organizations: determining how to build advanced analytics while meeting the NHS’ strict security requirements. Anaconda Platform would ultimately provide the answer, offering both the security foundation that satisfied the trust’s cybersecurity teams and the managed environments that could scale open source access across the organization.
The Challenge: Building Data Science in a Security-Conscious NHS Environment
Like many NHS trusts, DBTH’s analytical work historically relied heavily on Excel and SQL. While these tools served basic reporting needs, they couldn’t support the sophisticated statistical analysis and machine learning capabilities needed for modern healthcare analytics. The trust recognized that Python would be essential for building predictive models, automating complex workflows, and delivering the insights needed to support clinical decision-making.
However, introducing open source tools into an NHS environment presented significant challenges. The trust’s head of cybersecurity had legitimate concerns about open source software: the potential for software supply chain attacks and the complexity of managing dependencies represented real threats to patient data security and system integrity. The trust established a manual vetting process that reflected its commitment to security, but with a single data scientist carrying the full review load, that process constrained the pace at which DBTH could build out its analytical capabilities.
“Security reviews are essential in an NHS environment, and rightly so. But verifying the full dependency chain for every tool is genuinely complex work, and that time adds up. There were weeks where security review was as much a part of my role as data science itself.”
The trust’s developer team needed open source capabilities that would improve clinical and operational decision-making. The manual vetting process blocked the entire organization from using open source tools. The entire organization remained locked out under the existing security constraints.
These weren’t merely operational inconveniences. NHS trusts operate under intensive regulatory scrutiny that directly impacts open source software management. Since September 2024, all NHS organizations must submit annual assessments against the CAF-aligned Data Security and Protection Toolkit (DSPT). The August 2025 release of Cyber Assessment Framework v4.0 explicitly requires healthcare organizations to secure open source software, including code provenance, secure distribution channels, and continuous security monitoring. These requirements come with mandatory audits and penalties up to £17 million for non-compliance. For US healthcare organizations, similar regulatory pressures around software bill of materials and supply chain security reflect the same fundamental recognition: this is a patient safety issue, not just an IT concern.
Finding a Secure Path Forward with Anaconda Platform
When the security conversation intensified around open source access, Anaconda emerged as the obvious solution.
“From pretty minimal searching, Anaconda was clearly the sensible way of accessing open source, [with its] emphasis on security” Newey says. “Having a curated source where packages are vetted and verified is reassuring.”
Working with the trust’s head of cybersecurity, Newey focused the conversation on what the trust needed: provenance, vulnerability management, verification, and ongoing oversight. Anaconda Platform addressed all of these requirements.
“I sent him Anaconda’s security documentation, which quickly satisfied him that this was a safe way to source packages,” Newey recalls.
Anaconda Platform provides enterprise-grade governance that NHS cybersecurity teams require to meet CAF-aligned DSPT requirements. The platform directly addresses CAF’s software supply chain security outcome and vulnerability management mandate, eliminating the manual vetting process that had created organizational bottlenecks.
Transforming from Individual Capability to Team Capacity
Anaconda Platform eliminated the one-person bottleneck. The entire team can now develop in a safe, governed environment without requiring Newey’s constant intervention.
“Anaconda allows us to keep our models running with fewer days performing manual security checks,” Newey explains. “Going beyond that, I’m hoping that allows us to roll out Python usage more broadly.”
Developer teams can now integrate external data sources. Analyst teams can apply the statistical testing toolkit Newey has built to answer causal questions that previously went unanswered. Both groups gain access to data science capabilities under governance frameworks that satisfy DBTH’s cybersecurity requirements.
“I’m hoping it will be possible for that software to be available to people with a less Python-focused skill set, and not require endless amounts of my time maintaining that environment for them,” Newey says.
This broader rollout addresses a critical workforce challenge identified in DBTH’s Digital Enabling Plan. Under the Digital Workforce, Engagement and Culture ambition, the plan commits to developing a digitally empowered workforce with the skills to make the most of digital tools and technology. Anaconda Platform’s managed environments and training resources support this goal by reducing the technical barriers to open source adoption.
Advancing Analytics to Meet National NHS Priorities
DBTH’s investment in secure, scalable data science infrastructure positions the trust to become data-driven and information-rich, using analytics to shape clinical care and support excellent clinical decisions. With Anaconda Platform enabling broader open source access across teams, these capabilities can now scale beyond a single data scientist.
As NHS organizations nationwide work to become digitally enabled and mature, DBTH’s experience offers valuable lessons. Secure, governed access to open source tools isn’t just about individual productivity, but about building organizational capability. With Anaconda Platform, NHS trusts can bridge the gap between cybersecurity requirements and analytical ambitions, transforming data science from a specialized individual skill into a scalable team capability that directly supports better patient care.
Ready to accelerate your AI initiatives with trusted open source? Discover how the Anaconda Platform can transform your data science workflows while maintaining enterprise-grade security and governance. Contact our team for a personalized demonstration.
Anaconda Platform
The Only Unified Platform for Open Source