Two NHS Trusts Hit by Cyber Attack, Staff Data Exposed

Two major NHS trusts have been hit by a cyber attack that exposed staff information, raising fresh concerns over digital security in the healthcare sector.

The University College London Hospitals (UCLH) NHS Foundation Trust and the University Hospital Southampton NHS Foundation Trust were targeted through a flaw in a software tool called Ivanti Endpoint Manager Mobile (EPMM), which is used to manage employees’ mobile devices.

The software flaw was discovered on May 15 and has since been fixed by Ivanti. However, hackers managed to exploit the vulnerability before the patch was applied.

UCLH confirmed that its system containing staff mobile data was compromised. The breach involved information such as mobile phone numbers and IMEI numbers (which are unique codes that identify phones on mobile networks). The trust said no passwords or patient data were accessed.

NHS England is now working with cybersecurity experts to investigate the incident.

The breach was first reported by Sky News, which revealed that security firm EclecticIQ has linked the attack to other victims across several countries, including the UK, US, Germany, Ireland, South Korea, and Japan. The cyber attack originated from an IP address in China, but no official link to a specific group or government has been confirmed.

This isn’t the first time the NHS has been targeted. In June 2024, a ransomware attack on Synnovis — a company that handles blood testing for London hospitals — caused thousands of appointments to be cancelled. That attack was claimed by a Russian-speaking group called Qilin. Another cyber incident in November 2023 disrupted services at Wirral University Teaching Hospital Trust.

Cybersecurity experts say these attacks show how vulnerable healthcare systems can be, especially when third-party vendors are involved.

Dray Agha from cybersecurity firm Huntress said the recent attack is “a stark reminder” that protecting NHS systems also means securing the systems used by suppliers.

In response to growing threats, the NHS has introduced a new cybersecurity charter aimed at strengthening digital safety across its supply chain. Under the new rules, suppliers must follow eight key principles, including keeping software up to date, using multi-factor authentication, backing up data securely, and monitoring for threats 24/7.

The NHS hopes these measures will make it harder for hackers to exploit weak points in its network and better protect staff and patients alike.