British NHS Trusts Hit By Major Cyberattack: Data Stolen  

Uploaded on 2025-06-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

The UK National Health Service (NHS) has confirmed that University College London Hospitals NHS Foundation Trust and  the  University Hospital Southampton NHS Foundation Trust have suffered a cyberattack, leading to data theft.

NHS officials have expressed serious concerns that patient data may have been compromised.  

This was not a ransomware attack. Instead, hackers exploited a vulnerability in Ivanti Endpoint Manager Mobile (EPMM) - a program used to manage employee phones. This flaw was first discovered on 15 May, and although Ivanti has since patched it, cybersecurity experts warn that systems previously exposed may still be **at risk**.  

What Data Was Compromised?*  
Analysts believe that hackers accessed staff phone numbers, IMEI numbers, and authentication tokens. These details could allow attackers to gain deeper access, potentially exposing patient records and sensitive hospital networks.  

Global Impact  
The cyberattack is part of a larger breach, with victims identified across Scandinavia, the UK, US, Germany, Ireland, South Korea, and Japan, according to cybersecurity firm EclecticIQ. The UK’s National Cybersecurity Centre (NCSC) is working with NHS officials to analyze the extent of the breach and strengthen security measures.

Suspected Origin of Attack
Cybersecurity researchers have traced the hacking activity to an IP address based in China. The tactics used mirror previous attacks carried out by China-based actors, although authorities are still investigating who the exact perpetrators might be.  

This incident highlights the urgent need for robust cybersecurity measures in healthcare. Hospitals and medical institutions remain high-value targets.

EclecticIQ   |    Sky   |    LBC  

Image: kaboompics

You Might Aslo Read: 

Chinese Hackers Exploiting Ivanti Connect Secure Vulnerability:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Introducing Modern SecOps, a more realistic alternative to the “autonomous SOC” 
Critical Vulnerabilities Disclosed In Versa Concerto »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Libraesva

Libraesva

Libraesva secures email communications for organisations, helping them eliminate email borne threats, preserve email data and provide an environment for their people to communicate safely.

CNCERT/CC

CNCERT/CC

CNCERT is the national Computer Network Emergency Response Technical Team / Coordination Center of China.

QA Systems

QA Systems

QA Systems provides software testing solutions for safety and business critical sectors and software safety and security standards.

infySEC

infySEC

InfySEC is an information security services organization offering Security Technology services, Security Consulting, Security Training, Research & Development.

FraudHunt

FraudHunt

FraudHunt protects your website from account fraud, ad fraud, fraud clicks, and malicious bots.

S2S Group

S2S Group

S2S Group specialise in the destruction and management of IT assets at the end of the lifecycle.

Cyemptive Technologies

Cyemptive Technologies

Cyemptive's CyberSlice technology preempts and remove threats before they take hold, in seconds, compared to other’s hours, days, weeks and even months.

Industrial Defender

Industrial Defender

Committed to ICS Cybersecurity. Industrial Defender provides a fully automated solution to discover, track and report on assets across your ICS footprint.

Immuta

Immuta

Immuta empowers data engineering and operations teams to automate data governance, security, access control & privacy protection.

Evolution Equity Partners

Evolution Equity Partners

Evolution Equity Partners is an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies.

PreCog Security

PreCog Security

PreCog Security is a US based cybersecurity risk mitigation company. We specialize in helping you find, minimize and manage vulnerability risk within your product, network and process.

stackArmor

stackArmor

stackArmor specializes in compliance and security-focused solutions delivered using our Agile Cloud Transformation (ACT) methodology.

Technation

Technation

Technation proudly represents the Canadian technology companies that are furthering our nation and the world into the future through innovation, creativity and ingenuity.

Ingenics Digital

Ingenics Digital

Ingenics Digital is a recognized initiator and leading service provider in the areas of software development and embedded systems.

Zanutix Consulting

Zanutix Consulting

Zanutix specialize in a wide range of services including Network Design and Implementation, Data Management, Cloud Solutions, Software Development and Cybersecurity.

The Instillery

The Instillery

Welcome to The Instillery, where fresh thinking and strategy are blended together to support those with the spirit to dominate with digital.