{"id":143973,"date":"2025-05-30T11:28:19","date_gmt":"2025-05-30T11:28:19","guid":{"rendered":"https:\/\/www.europesays.com\/uk\/143973\/"},"modified":"2025-05-30T11:28:19","modified_gmt":"2025-05-30T11:28:19","slug":"two-nhs-trusts-affected-by-cyber-attack-on-mobile-phone-software","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/uk\/143973\/","title":{"rendered":"Two NHS trusts affected by cyber attack on mobile phone software"},"content":{"rendered":"<p><strong>NHS England is investigating a cyber incident at University College London Hospitals NHS Foundation Trust (UCLH) and University Hospital Southampton NHS Foundation Trust.<\/strong><\/p>\n<p>A spokesperson for UCLH told Digital Health News that a software product used at the trust to manage UCLH mobile phones and tablets was\u201d briefly compromised\u201d earlier in May 2025.<\/p>\n<p>\u201cThe product, which did not contain patient data or staff passwords, was made secure swiftly.<\/p>\n<p>\u201cThe product did contain some staff mobile and IMEI numbers and we are contacting those staff affected.<\/p>\n<p>\u201cWe want to reassure patients and staff that we are committed to protecting their data and privacy and we are investigating this matter thoroughly with NHS England\u2019s cyber security response team,\u201d the spokesperson added.<\/p>\n<p>Sky News reported that\u00a0data was taken after hackers exploited holes in the <a href=\"https:\/\/forums.ivanti.com\/s\/?language=en_US\" target=\"_blank\" rel=\"noopener\">Ivanti<\/a>\u00a0Endpoint Manager Mobile (EPMM) software, a programme that helps businesses manage employee phones.<\/p>\n<p>Analysts at intelligence threat platform <a href=\"https:\/\/www.eclecticiq.com\/\" target=\"_blank\" rel=\"noopener\">EclecticIQ<\/a> told Sky News the software\u2019s vulnerability had allowed hackers to access, explore and run programmes on their target\u2019s systems using an IP address based in China.<\/p>\n<p>Although the hole in Ivanti\u2019s software has been fixed, EclectricIQ warned that the attack could leave hackers able to access other data like patient records and further parts of the network via a process called remote code execution (RCE) \u2013 running programmes on compromised systems.<\/p>\n<p>A <a href=\"https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM?language=en_US\" target=\"_blank\" rel=\"noopener\">statement on Ivanti\u2019s website<\/a>, published on 22 May 2025, said: \u201cIvanti has released updates for Endpoint Manager Mobile (EPMM) which addresses one medium and one high severity vulnerability.<\/p>\n<p>\u201cWhen chained together, successful exploitation could lead to unauthenticated remote code execution.<\/p>\n<p>\u201cWe are aware of a very limited number of customers whose solution has been exploited at the time of disclosure.\u201d<\/p>\n<p>A spokesperson for NHS England told Digital Health News that there is \u201ccurrently no evidence to suggest patient data has been accessed\u201d, adding that \u201chealth services are not currently affected\u201d.<\/p>\n<p>\u201cWe are currently investigating this potential incident with cyber security partners, including the National Cyber Security Centre, and the trusts mentioned.<\/p>\n<p>\u201cNHS England provides 24\/7 cyber monitoring and incident response across the NHS, and we have a high severity alert system that enables trusts to prioritise the most critical vulnerabilities and remediate them as soon as possible,\u201d the spokesperson said.<\/p>\n<p>A spokesperson for the National Cyber Security Centre said that they are working to fully understand the UK impact following reports that critical vulnerabilities in the Ivanti software have been exploited.<\/p>\n<p>\u201cThe NCSC strongly encourages organisations to follow vendor best practice to mitigate vulnerabilities\u00a0and potential malicious activity.<\/p>\n<p>\u201cVulnerabilities are a common aspect of cyber security, and all organisations must consider how to most effectively manage potential security issues,\u201d they added.<\/p>\n<p>Commenting on the attack, Graeme Stewart, head of public sector at<a href=\"https:\/\/gbr01.safelinks.protection.outlook.com\/?url=http%3A%2F%2Fclick.agilitypr.delivery%2Fls%2Fclick%3Fupn%3Du001.NciJ80dOHHjlEsj1xev2XOqoJYquDvUb8garE5d0HFoq5O1L3Ulz10qluAuREM-2BOdksg_vMX61IEuMW3nQdrtaTGzaHcScXjMUXoxpTNZo5w5AC9bjqCTJTdLA3sXTMel1Zx39aN7DK-2BBPotM-2BlXP4BI6lDsFIs0KK4VfOaz5o7V4ulDnzUGxGpxZRhZpq49LaJKCiZE3-2BG-2F1AhYjAVoUN0u8IOge7mS-2BmQsLy2Kpaay-2F3uwlzcYsKwjS0EHsFniH7T7tgu3GAjYFuuRkL-2FOatby1zhcVLAW4-2F9YBKKEK2QU13qQJ3wrquRU7Csk-2F09FcQiAIgu3c-2FmoDkd2a-2FUHGgx2Gc4o09A6wr8p6JZESCUEQiYoko716ksc8voCulxRe9GvMQUImSPShmcNpmufbW1xAJoWuq3UN1vLxFL47RrVHxYBh18-2BYNgwFQDbhwjAOZNrKhPZMjzQFpw29TT6dZffrrmF2sgQMKFFJT7gi-2BllgplG-2F-2BCtC0PIpihfy80rjiJIzQKc-2FZPcYULKr-2BlqvDZdJEyUPL2JOKOiHpEMbHu-2FyyXk4ZSDSL36xMdPFbDVsbJSu&amp;data=05%7C02%7Ctammy%40digitalhealth.net%7C49a04219224a4a19ad6f08dd9de4f9f9%7Cfb51f9593e2f4cf8adb47c079d8ae9bc%7C0%7C0%7C638840329116198589%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&amp;sdata=u3kgV4KThLxshSnNZ9lNmHfkwdDyTBtd6tTr%2FHi4UMo%3D&amp;reserved=0\" target=\"_blank\" rel=\"noopener\"> Check Point Software<\/a>, said: \u201cThis wasn\u2019t a one-off. It\u2019s part of a growing pattern in which critical sectors, such as healthcare, are being quietly compromised through third-party software.\u201d<\/p>\n<p>Meanwhile, in May 2025, suppliers to the NHS were <a href=\"https:\/\/www.digitalhealth.net\/2025\/05\/nhs-suppliers-urged-to-sign-cyber-security-best-practice-charter\/\" target=\"_blank\" rel=\"noopener\">urged by NHSE to sign a charter of cyber security best practice<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"NHS England is investigating a cyber incident at University College London Hospitals NHS Foundation Trust (UCLH) and University&hellip;\n","protected":false},"author":2,"featured_media":143974,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4316],"tags":[13311,105,4348,62150,62151,62152,3204,10080,15567,16,15,62153,62154],"class_list":{"0":"post-143973","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-healthcare","8":"tag-cyber-attacks","9":"tag-health","10":"tag-healthcare","11":"tag-ivanti","12":"tag-ivanti-endpoint-manager-mobile","13":"tag-national-cyber-security-centre","14":"tag-ncsc","15":"tag-nhs-england","16":"tag-nhse","17":"tag-uk","18":"tag-united-kingdom","19":"tag-university-college-london-hospitals-nhs-foundation-trust","20":"tag-university-hospital-southampton-nhs-foundation-trust"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@uk\/114596551403235262","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/143973","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/comments?post=143973"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/posts\/143973\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media\/143974"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/media?parent=143973"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/categories?post=143973"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/uk\/wp-json\/wp\/v2\/tags?post=143973"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}