British NHS Trusts Hit By Major Cyberattack: Data Stolen  

Uploaded on 2025-06-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

The UK National Health Service (NHS) has confirmed that University College London Hospitals NHS Foundation Trust and  the  University Hospital Southampton NHS Foundation Trust have suffered a cyberattack, leading to data theft.

NHS officials have expressed serious concerns that patient data may have been compromised.  

This was not a ransomware attack. Instead, hackers exploited a vulnerability in Ivanti Endpoint Manager Mobile (EPMM) - a program used to manage employee phones. This flaw was first discovered on 15 May, and although Ivanti has since patched it, cybersecurity experts warn that systems previously exposed may still be **at risk**.  

What Data Was Compromised?*  
Analysts believe that hackers accessed staff phone numbers, IMEI numbers, and authentication tokens. These details could allow attackers to gain deeper access, potentially exposing patient records and sensitive hospital networks.  

Global Impact  
The cyberattack is part of a larger breach, with victims identified across Scandinavia, the UK, US, Germany, Ireland, South Korea, and Japan, according to cybersecurity firm EclecticIQ. The UK’s National Cybersecurity Centre (NCSC) is working with NHS officials to analyze the extent of the breach and strengthen security measures.

Suspected Origin of Attack
Cybersecurity researchers have traced the hacking activity to an IP address based in China. The tactics used mirror previous attacks carried out by China-based actors, although authorities are still investigating who the exact perpetrators might be.  

This incident highlights the urgent need for robust cybersecurity measures in healthcare. Hospitals and medical institutions remain high-value targets.

EclecticIQ   |    Sky   |    LBC  

Image: kaboompics

You Might Aslo Read: 

Chinese Hackers Exploiting Ivanti Connect Secure Vulnerability:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Introducing Modern SecOps, a more realistic alternative to the “autonomous SOC” 
Critical Vulnerabilities Disclosed In Versa Concerto »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Openminded (OPMD)

Openminded (OPMD)

Openminded is a French security and network services company.

PKWARE

PKWARE

PKWARE is a global leader in business data security, providing encryption and compression solutions to enterprise customers and government entities around the world.

Telecommunications Industry Association (TIA)

Telecommunications Industry Association (TIA)

TIA works to secure trust in networks by advocating public policy positions on the security of ICT equipment and services related to critical infrastructure, supply chain and information sharing.

Slovenian Digital Coalition

Slovenian Digital Coalition

Slovenian Digital Coalition is a coalition working in the field of smart cities, e-commerce, e-skills, e-inclusion, cyber security, internet and other areas related to developing the digital society.

Fyde

Fyde

Fyde helps companies with an increasingly distributed workforce mitigate breach risk by enabling secure access to critical enterprise resources.

Cloud Managed Networks

Cloud Managed Networks

Cloud Managed Networks provides enterprise grade IT network solutions for cloud-based and on premise network security, Wi-Fi, data switching, collaboration, device management and more.

Cynamics

Cynamics

Cynamics is the only network monitoring solution built specifically for Smart City, Public Safety and Critical Infrastructure networks.

Inspira Enterprise

Inspira Enterprise

Inspira Enterprise is a leading digital transformation company with expertise in Cyber Security, Internet of Things (IOT), Blockchain, Big Data & Analytics, Intelligent Automation and Cloud Computing.

Liberty Mutual

Liberty Mutual

Liberty Specialty Markets offers specialty and commercial insurance and reinsurance products, including Cyber, across the USA, Europe, Middle East and other international locations.

IQ4 - Cybersecurity Workforce Alliance (CWA)

IQ4 - Cybersecurity Workforce Alliance (CWA)

Cybersecurity Workforce Alliance, a division of iQ4, is an organization comprised of a diverse range of professionals dedicated to the development of the cybersecurity workforce.

Pessimistic Security

Pessimistic Security

The team behind Pessimistic helps blockchain startups meet modern security challenges since 2017.

U2opia Technology

U2opia Technology

U2opia is a consortium with a proven track record of delivering groundbreaking technology, cybersecurity, and innovative business solutions.

Plerion

Plerion

Plerion is an all-in-one Cloud Security Platform that supports workloads across AWS, Azure, and GCP delivering cloud security posture management, workload security, data security and more.

AddSecure

AddSecure

AddSecure is a leading European provider of secure IoT connectivity and end-to-end solutions.

AdviserCyber

AdviserCyber

AdviserCyber provide Cybersecurity and Compliance Solutions for Registered Investment Advisers.

Invisily

Invisily

Invisily makes enterprise and cloud computing resources invisible to attackers with zero trust solutions, making them visible only when needed to only those who need them.