A recent cyber intrusion has compromised information from NHS trusts, raising concerns over patient data security. According to reporting by Sky News, patient data was put at risk at University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust after both trusts’ systems were compromised through the exploitation of a newly discovered software vulnerability.

NHS England has confirmed it is closely monitoring the situation, with the National Cyber Security Centre (NCSC) leading the defence efforts. “Such attacks raise the potential for unauthorised access to highly sensitive patient records,” said EclecticIQ CEO Cody Barrow.

Analysts at EclecticIQ, a threat intelligence technology provider, have traced the hack’s impact across several countries, including the UK, the US, and Germany. Evidence presented to Sky News confirmed malicious access to UK trusts.

“This situation represents another urgent wake-up call for the NHS. With threat actors actively exploiting these vulnerabilities, we’re not looking at a distant or theoretical risk,” said Barrow, who previously worked at the Pentagon, US Cyber Command and the NSA. “The targeting is happening now, and the consequences could be felt across the healthcare system.”

“The potential compromise scope goes well beyond data theft. We’re looking at the potential for unauthorised access to highly sensitive patient records, the disruption of crucial appointment systems, and even interference with critical medical devices that are vital for daily patient care.”

Ivanti software exploit enables hackers to access sensitive NHS data

The breach was not a ransomware attack but involved covert data extraction through software vulnerabilities. The exploited software, Ivanti Endpoint Manager Mobile (EPMM), is used for managing employee mobile devices. Although the vulnerability was identified and patched on 15 May, systems previously compromised may remain at risk.

Hackers used the flaw in Ivanti’s software to gain access, explore, and execute programs on targeted systems. Data accessed included staff phone numbers, IMEI numbers, and technical information such as authentication tokens. This breach could potentially allow further access to patient records and network sections via remote code execution (RCE).

EclecticIQ analysts identified the hackers as using an IP address from China, with their methods resembling past operations by China-based groups. The attack involved automated internet scans to locate vulnerable software, rather than specific targeting.

“We are currently investigating this potential incident with cybersecurity partners, including the National Cyber Security Centre, and the trusts mentioned,” said an NHS England spokesperson. “NHS England provides 24/7 cyber monitoring and incident response across the NHS, and we have a high severity alert system that enables trusts to prioritise the most critical vulnerabilities and remediate them as soon as possible.”

“We are working to fully understand [the] UK impact following reports that critical vulnerabilities in Ivanti Endpoint Manager Mobile are being actively exploited,” said an NCSC spokesperson. “The NCSC strongly encourages organisations to follow vendor best practice to mitigate vulnerabilities and potential malicious activity. Vulnerabilities are a common aspect of cybersecurity, and all organisations must consider how to most effectively manage potential security issues.”
