Follow us
Search
Türkçe
🗞️ News - May 30, 2025

Cyber Incident at Two NHS Trusts Raises Concerns Over Data Security

Cyber Incident at NHS Trusts Raises Data Security Concerns 🏥🔒. NHS England investigates potential vulnerabilities in software used for mobile device management.

🌟 Stay Updated!
Join AI Health Hub to receive the latest insights in health and AI.

Facebook X-twitter Linkedin Telegram
Overview of the Incident

NHS England is currently investigating a cyber incident involving the University College London Hospitals NHS Foundation Trust (UCLH) and University Hospital Southampton NHS Foundation Trust.

Details of the Breach
  • A spokesperson for UCLH reported that a software product used to manage mobile devices was “briefly compromised” in May 2025.
  • The compromised software did not contain patient data or staff passwords but included some staff mobile and IMEI numbers.
  • UCLH is in the process of contacting affected staff to inform them of the situation.
  • The trust reassured patients and staff of its commitment to data protection and is working closely with NHS England’s cyber security response team.
Nature of the Attack

According to reports, hackers exploited vulnerabilities in the Ivanti Endpoint Manager Mobile (EPMM) software, which is designed to help organizations manage employee mobile devices. Analysts from EclecticIQ indicated that the software’s flaws allowed unauthorized access to systems, with hackers using an IP address based in China.

Potential Risks
  • While the vulnerability has been addressed, there are concerns that hackers may still access sensitive data, including patient records, through a method known as remote code execution (RCE).
  • EclecticIQ warned that the attack could disrupt healthcare services and compromise patient safety.
Response from Authorities

A spokesperson for NHS England stated that there is currently no evidence suggesting that patient data has been accessed. They emphasized that health services remain unaffected and that investigations are ongoing with the National Cyber Security Centre (NCSC).

Recommendations and Future Precautions

The NCSC has urged organizations to adhere to vendor best practices to mitigate vulnerabilities and prevent malicious activities. They highlighted that vulnerabilities are a common aspect of cybersecurity and must be managed effectively.

Expert Commentary

Graeme Stewart, head of public sector at Check Point Software, noted that this incident reflects a troubling trend of critical sectors, particularly healthcare, being compromised through third-party software.

Conclusion

In light of this incident, NHS suppliers have been encouraged to sign a charter of cyber security best practices to enhance the overall security posture of the healthcare system.

For further details, you can refer to the original articles from Digital Health and Sky News.

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on whatsapp
WhatsApp

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close
Search

Hit enter to search or ESC to close