Patient data of the National Health Service (NHS) faces potential breach due to significant cyber attack
Cyber Attack Exposes Sensitive Data at Two Major NHS Trusts
A significant cybersecurity incident has revealed the theft of sensitive information at the University College London Hospitals NHS Foundation Trust (UCLH) and University Hospital Southampton NHS Foundation Trust. The breach, which exploited a vulnerability in Ivanti Endpoint Manager Mobile (EPMM), has raised concerns about the protection of patient records.
Experts suggest that this hack represents a growing threat to critical UK infrastructure. The attack was facilitated by exploiting a security flaw in EPMM, a software that manages work phones to gain covert access to trusted systems.
Reports by cybersecurity firm EclecticIQ reveal that the hackers utilized two vulnerabilities, CVE-2025-4427 and CVE-2025-4428, to gain unauthenticated remote code execution.
The affected data includes staff phone numbers and authentication tokens, information that could potentially be used to delve deeper into the trust networks. So far, the attackers remain unidentified, although the utilization of a China-based IP address and similar tactics to previous China-based cyber actors suggests a potential connection.
UCLH and University Hospital Southampton NHS Foundation Trust have confirmed they are now investigating the incident alongside the National Cyber Security Centre (NCSC). NHS England has activated its high-severity alert system to support trusts with affected systems and ensure swift response and remediation of critical vulnerabilities.
This cyber attack comes amidst a string of security incidents targeting UK firms, adding to concerns about the widening threat landscape. Last month, retail giants such as Co-op, M&S, Harrods, and Adidas disclosed breaches on their systems. Healthcare facilities are now increasingly becoming targets, elevating the urgency to bolster cybersecurity measures.
- The stolen data from the cyber attack on two major NHS Trusts suggests that medical-conditions, health-and-wellness data, and personnel details could potentially be used to access deeper into the trust networks.
- The use of technology, such as Ivanti Endpoint Manager Mobile, can become vulnerabilities when security flaws like CVE-2025-4427 and CVE-2025-4428 are exploited, as evident in the recent cybersecurity incidents.
- As technology advances, so does the threat landscape, with incidents like this cyber attack on NHS Trusts raising concerns not just about cybersecurity and sensitive data protection, but also about the safety of critical UK infrastructure in the realm of health-and-wellness and science.
%20faces%20potential%20breach%20due%20to%20significant%20cyber%20attack){kind=link}