A serious cyberattack has exposed patient and staff data across key UK NHS trusts, raising urgent concerns about healthcare cybersecurity. The breach, involving a vulnerability in Ivanti Endpoint Manager Mobile (EPMM), affected institutions including University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust.
Cybersecurity experts have confirmed that hackers exploited flaws in Ivanti’s software to gain unauthorised access to sensitive NHS systems. According to EclecticIQ, which uncovered the breach, the data was stolen silently through a sophisticated software exploit rather than via ransomware. This breach has heightened fears of wider access to critical NHS systems, including patient records and appointment infrastructure.
Scope of the Attack
The vulnerability allowed attackers to run programs remotely (remote code execution) within NHS systems, potentially accessing authentication tokens, IMEI numbers, and staff contact information. The breach could enable further intrusions into patient databases and vital medical equipment networks, creating cascading impacts on care delivery and safety.
China-Linked IP Identified
The attackers reportedly used an IP address based in China and employed techniques consistent with previous campaigns by China-based cyber actors. Experts warn that the breach was likely not targeted but was carried out via automated scans searching for known vulnerabilities in outdated systems.
Urgent Warning from Experts
Cody Barrow, CEO of EclecticIQ and former Pentagon cybersecurity expert, described the incident as a “wake-up call” for the NHS. He warned of significant threats to patient safety, from appointment disruptions to potential failures in critical medical devices.
NHS and Government Response
NHS England confirmed it is actively investigating the breach in coordination with the National Cyber Security Centre (NCSC). A 24/7 cyber monitoring system is in place, with high-severity alerts issued to help affected trusts mitigate vulnerabilities swiftly.
The NCSC reiterated its call for organisations to apply all security updates immediately and adhere to best practices to reduce risks of further attacks.
Ivanti Responds
Ivanti, the software vendor, confirmed the vulnerability and stated that a fix had been released. The company emphasised that only a limited number of on-premise users were affected and pledged ongoing transparency with stakeholders and security partners.
This cyberattack underscores the growing threat to healthcare infrastructure, particularly when cybersecurity gaps persist. The NHS, already stretched under operational pressures, now faces the added challenge of safeguarding digital health systems amid escalating global cyber threats.
