03 June 2025
Recent cyberattacks have compromised NHS trusts, including University College London Hospitals and University Hospital Southampton, with experts warning that sensitive patient data may be at risk. The UK’s National Cyber Security Centre (NCSC) is actively monitoring the situation.
Analysis by EclecticIQ revealed that the breach occurred through exploitation of a software vulnerability in Ivanti Endpoint Manager Mobile (EPMM), a tool used for managing employee mobile devices. The vulnerability, first discovered on 15 May, has since been patched, but systems previously affected may still be vulnerable.
This was not a ransomware attack: hackers clandestinely accessed data by exploiting this software flaw, which enabled them to explore systems and run programs remotely, a technique known as remote code execution (RCE). The data accessed reportedly included staff phone numbers, IMEI numbers, and authentication tokens, which could potentially lead to further breaches, including access to patient records.
EclecticIQ identified the hackers as operating from an IP address in China and using automated scans to find vulnerable systems rather than carrying out targeted attacks. The incident underscores ongoing risks to healthcare data security and highlights the importance of rapid vulnerability management in critical sectors.