NHS patient data at risk in major cyber attack
A newly uncovered cyber attack has exposed sensitive information at two major NHS trusts, raising fears that patient records could be at risk.
Experts have warned that the hack, linked to a vulnerability in widely used mobile management software, marks a growing threat to critical UK infrastructure.
University College London hospitals, NHS Foundation Trust, and University Hospital Southampton, NHS Foundation Trust were among the victims identified in a widespread cyber breach analysed by cybersecurity firm EclecticIQ.
The company have said hackers exploited a security flaw in Ivanti Endpoint Manager Mobile, or EPMM, which manages work phones to gain clandestine access to trusted systems.
Cyber attack exploits vulnerability
Unlike the recent wave of cyber attacks on British retail, the breach appears to have involved the quiet extraction of data through a remote code execution vulnerability.
The flaw was discovered on May 15th and has since been patched by Ivanti; however, experts have warned that systems already compromised may still be vulnerable.
Cody Barrow, chief executive of EclecticIQ an former US cyber command adviser, told Sky News the hack presents an “urgent wake up call” for the NHS.
“The potential compromise scope goes well beyond data theft. We’re looking at the risk of unauthorised access to highly sensitive patient records, disrupted appointments, and even interference with critical medical devices”, he said.
According to EclecticIQ, affected data includes staff phone numbers, as well as authentication tokens – details which could be used to access deeper into trust networks.
The attackers have not been formally identified, but the firm said the use of an IP address in China and the tactics performed suggest links to previous China-based cyber actors.
NHS England investigates
NHS England confirmed it is investigating the incident with the National Cyber Security Centre (NCSC) and said its high-severity alert system had been activated to support trusts in affected systems.
“We provide 24/7 cyber monitoring and response across the NHS”, a spokesperson said.
The breach is the latest in a seemingly unstoppable string of cyber incidents targeting UK firms.
In the last couple of months, big, household names like Co-op, M&S, Harrods and – only yesterday – Adidas, have confirmed breaches on their systems.
Experts say the string of breaches highlights a widening threat landscape across the nation, with healthcare now firmly in the crosshairs.