Linkedin Rss
Subscribe
Linkedin Rss

NHS Trusts hit by cyber intrusion exploiting software flaw, patient data at risk

Share On LinkedIn
Share on X

Concerns are mounting over patient data security after a recent cyber intrusion compromised information from several NHS trusts. According to reporting by Sky News, University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust were affected after their systems were breached by exploiting a newly discovered vulnerability in software.

NHS England has confirmed it is closely monitoring the situation, with the National Cybersecurity Centre (NCSC) taking the lead in defence efforts.

Analysts at EclecticIQ, a threat intelligence technology provider, have tracked the impact of the hack across multiple countries, including the UK, the US, and Germany.

EclecticIQ CEO, Cody Barrow, said: “Such attacks raise the potential for unauthorised access to highly sensitive patient records. This situation represents another urgent wake-up call for the NHS. With threat actors actively exploiting these vulnerabilities, we’re not looking at a distant or theoretical risk. The targeting is happening now, and the consequences could be felt across the healthcare system.”

“The potential compromise scope goes well beyond data theft. We’re looking at the potential for unauthorised access to highly sensitive patient records, the disruption of crucial appointment systems, and even interference with critical medical devices that are vital for daily patient care.”

The cyber intrusion was not a ransomware attack but involved the covert extraction of data through software vulnerabilities. The exploited software, Ivanti Endpoint Manager Mobile (EPMM), is used for managing employee mobile devices. Although the vulnerability was identified and a patch released on 15th May, systems that were previously compromised may still be at risk.

Hackers reportedly used the flaw in Ivanti’s software to gain access, explore, and execute programs on targeted systems. The data accessed included staff phone numbers, IMEI numbers, and technical information such as authentication tokens. This breach could potentially allow further access to patient records and network sections via remote code execution (RCE).

Image source: Pixabay

STORY OF THE WEEK

SETsquared Bristol makes three key appointments to drive innovation and growth

Technology PR, search and social agency

Trending Now

Oxford Instruments sells quantum unit to Quantum Design for £60 million

Paapi successfully closes pre-seed funding round, 20% oversubscribed, at £420,000

Amsterdam AI software firm Altura opens London office after £6.7m investment

SETsquared Bristol makes three key appointments to drive innovation and growth

Kier Starmer unveils major UK AI infrastructure push at London Tech Week

Oxford Ionics acquired by US firm IonQ in estimated deal worth £790 million

You may also like

Oxford Instruments sells quantum unit to Quantum Design for £60 million

Paapi successfully closes pre-seed funding round, 20% oversubscribed, at £420,000

Amsterdam AI software firm Altura opens London office after £6.7m investment

SETsquared Bristol makes three key appointments to drive innovation and growth

Kier Starmer unveils major UK AI infrastructure push at London Tech Week

Oxford Ionics acquired by US firm IonQ in estimated deal worth £790 million

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay right up-to-date with TechSparx. Read Midlands regional business technology news aggregated and also written by us, all in one place on TechSparx. Curated and brought to you by TechSparx.

About

© Copyright 2025 TechSparx. All Rights Reserved.
Linkedin Rss