Third‑Party Software Breach Puts NHS Devices and Possibly Patient Records at Risk

A new cyberattack has put patient data at risk in a breach that has hit two major NHS trusts, raising concerns about the cybersecurity of the UK’s healthcare infrastructure.

University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust were targeted in a large-scale breach reported by cybersecurity firm EclecticIQ. The attack exploited a known vulnerability in Ivanti Endpoint Manager Mobile (EPMM), a mobile device management solution used to secure and control access through work phones.

Using mobile device management to get into healthcare networks

The attackers are believed to have used a remote code execution (RCE) flaw in EPMM. The vulnerability, discovered on May 15 and patched by Ivanti, allowed the attackers to gain stealthy, unauthorized access to internal systems. According to EclecticIQ, the breach allowed data exfiltration without detection, which is far more insidious than ransomware or defacement attacks.

The breach exposed a range of sensitive data, including staff mobile phone numbers and authentication tokens used to access internal systems.

The concern is that authentication tokens, if intercepted, could be reused by malicious actors to pivot further into the trust’s infrastructure. This could allow attackers to obtain patient records, access appointment systems, or manipulate health monitoring equipment integrated with hospital networks.

The origin of the attack has not been confirmed, but EclecticIQ has attributed the breach to tactics and infrastructure commonly used by Chinese cyber groups. The use of an IP address known from previous Chinese cyber operations supports this theory, although attribution in cyberspace is notoriously difficult.

National response and investigation underway

A high-severity cybersecurity alert has been sent to all NHS systems, and affected trusts are receiving 24/7 monitoring and mitigation support. NHS England said: “We have 24/7 cyber monitoring and response across the NHS, and our high-severity alert protocols are in place to protect trusts from wider compromise.”

No patient record tampering or medical device interference has been reported, but the risk is significant, especially given how much of the hospital infrastructure is now connected. This is a reminder of the risk posed by third-party software vulnerabilities in environments that handle life-critical operations and personal data.

A wave of cyberattacks

Unlike retail, where data such as email addresses or payment card details are the prize, in healthcare, the stakes are much higher. The theft or manipulation of medical records isn’t just financial; it can impact patient safety and public trust in essential services.

Security professionals say this attack highlights the need for better security auditing, threat detection, and patch management across the public healthcare sector. Given the NHS’s use of mobile and cloud systems, any gap in device or access management can quickly become a major weakness.

Strengthening cybersecurity in healthcare systems

To prevent this from happening again:

  • Patch endpoint systems and monitor them in real time
  • Leverage zero-trust network architecture with strong identity verification
  • Implement incident simulation and response planning for critical healthcare services

As attackers exploit supply chains and software vulnerabilities, the pressure on public bodies like the NHS to harden their digital defenses has never been greater.
