NHS trusts' data stolen in cyberattack | UK News | Sky News

University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust were exposed, experts warn.

Political reporter
TimJB

Wednesday 28 May 2025 10:32, UK

NHS trusts had information stolen in the latest cyberattack on the UK health service, experts have told Sky News, with concerns raised that patient data might be vulnerable in such incidents.

University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust have been named as those exposed via a recently discovered exploit.

NHS England told Sky News it is monitoring the situation with the UK's top cybersecurity defence team at the National Cybersecurity Centre (NCSC).

Cody Barrow is the chief executive of EclecticIQ and previously worked at the Pentagon, US Cyber Command and the NSA. The firm analyses cyberattacks and uncovered the extent of this incident.

He told Sky News such attacks raise the potential for "unauthorised access to highly sensitive patient records".

Analysts at EclecticIQ have identified victims of the hack spanning agencies and businesses across Scandinavia, the UK, US, Germany, Ireland, South Korea and Japan.

Sky News has been shown evidence of the trusts in the UK being accessed maliciously.

Rather than a ransomware attack, data was taken clandestinely after hackers exploited holes in software.

In this case, the vulnerability was in a piece of software called Ivanti Endpoint Manager Mobile (EPMM), a programme that helps businesses manage employee phones.

The hole in Ivanti's software was first discovered on 15 May and it has since been fixed, although there are warnings that systems previously exploited could still be vulnerable.

The vulnerability in Ivanti's software allowed hackers to access, explore and run programmes on their targets' systems.

According to the experts at EclecticIQ, the kind of data accessed included staff phone numbers, IMEI numbers, and then technical data like authentication tokens.

Such attacks can leave hackers able to access other data, like patient records, and further parts of the network via a process called remote code execution (RCE), running programmes on compromised systems.

The analysts said they have identified the hackers exploiting the Ivanti backdoor as having used an IP address based in China.

Alongside this, the way the hackers operate is similar to how previous China-based actors behaved.

Such attacks can occur when hackers use an automated scan of the internet to find examples of vulnerable software, rather than being targeted.

Mr Barrow told Sky News: "This situation represents another urgent wake-up call for the NHS. With threat actors actively exploiting these vulnerabilities, we're not looking at a distant or theoretical risk. The targeting is happening now, and the consequences could be felt across the healthcare system.

"The potential compromise scope goes well beyond data theft. We're looking at the potential for unauthorised access to highly sensitive patient records, the disruption of crucial appointment systems, and even interference with critical medical devices that are vital for daily patient care.

"This strikes at the heart of patient safety and care delivery," Mr Barrow added. "The impact wouldn't be isolated; it could cause cascading effects: cancelled surgeries, delays in urgent treatments, and medical devices failing when needed most. We've seen this before.

"Past cyberattacks have shown the chaos that ensues, directly threatening patient outcomes, putting lives at risk and forcing frontline staff to work under extreme pressure.

"Beyond immediate operational chaos, these vulnerabilities also profoundly erode public trust in the NHS's capacity to safeguard both their data and their health.

"The immediate directive for NHS trusts to engage their cybersecurity teams underscores the severity. The response to this kind of cyber threat needs to be treated with the same urgency as a medical emergency."

A spokesperson for NHS England told Sky News: "We are currently investigating this potential incident with cybersecurity partners, including the National Cyber Security Centre, and the trusts mentioned.

"NHS England provides 24/7 cyber monitoring and incident response across the NHS, and we have a high severity alert system that enables trusts to prioritise the most critical vulnerabilities and remediate them as soon as possible."

A NCSC spokesperson said: "We are working to fully understand UK impact following reports that critical vulnerabilities in Ivanti Endpoint Manager Mobile are being actively exploited.

"The NCSC strongly encourages organisations to follow vendor best practice to mitigate vulnerabilities and potential malicious activity.

"Vulnerabilities are a common aspect of cyber security and all organisations must consider how to most effectively manage potential security issues."

A spokesperson for Ivanti said they had released a fix for the vulnerability in their software.

"We remain committed to collaboration and transparency with our stakeholders and the broader security ecosystem," it added.

"At the time of disclosure, we are aware of a very limited number of on-premise EPMM customers whose solution has been exploited."