NHS trusts hit by cyber attack, patient data feared stolen

Several NHS trusts have had data stolen in the latest cyberattack to target the UK health service, raising significant concerns about the potential exposure of sensitive patient information.

University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust have been identified as being exposed through a recently discovered software vulnerability.

Experts warn that this incident could lead to “unauthorised access to highly sensitive patient records”. Cody Barrow, CEO of EclecticIQ, a firm that analyzes cyberattacks and uncovered the extent of this incident, emphasized the severity, telling Sky News: “This situation represents another urgent wake-up call for the NHS”.

He added: “The potential compromise scope goes well beyond data theft. We’re looking at the potential for unauthorised access to highly sensitive patient records, the disruption of crucial appointment systems and even interference with critical medical devices that are vital for daily patient care”.

The attack exploited a vulnerability in Ivanti Endpoint Manager Mobile (EPMM) software, a program used by businesses to manage employee phones. Although the flaw was discovered and fixed on May 15, systems previously exploited could still be vulnerable.

Hackers were able to access and run programs on targeted systems, obtaining data such as staff phone numbers, IMEI numbers, and authentication tokens. This type of access, known as remote code execution (RCE), could allow hackers to access further data, including patient records.

Analysts at EclecticIQ have identified the hackers as using an IP address based in China, with their methods resembling those of previous China-based actors. NHS England confirmed it is investigating the potential incident with cybersecurity partners, including the National Cyber Security Centre (NCSC).

An NHS England spokesperson stated: “NHS England provides 24/7 cyber monitoring and incident response across the NHS, and we have a high severity alert system that enables trusts to prioritise the most critical vulnerabilities and remediate them as soon as possible”. The NCSC is also working to understand the full impact in the UK