Two more NHS Trusts have been hit with cyber attacks – here’s what we know so far
Two NHS trusts have suffered cyber attacks which exposed staff data, prompting fresh calls for more robust supply chain security practices.
University College London Hospitals (UCLH) NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust were targeted in an attack which exploited a flaw in Ivanti Endpoint Manager Mobile (EPMM) – a tool used to manage employee mobile devices.
The flaw was discovered on May 15th, and has since been patched by Ivanti.
UCLH said it was investigating with the help of cybersecurity experts at NHS England, but said it had ‘no evidence’ that patient data was accessed.
“The UCLH system which was compromised contained data about staff mobile devices such as the mobile number and the IMEI number (a unique code to identify the phone on the mobile network),” it said in a statement. “It did not contain passwords or patient data.”
According to reports from Sky News, which first revealed the incident, analysts at security firm EclecticIQ have identified other victims, including agencies and businesses across Scandinavia, the UK, the US, Germany, Ireland, South Korea, and Japan.
The attacks originated from a China-based IP address, although there’s been no definite attribution.
NHS cyber attacks continue
The NHS has repeatedly fallen victim to hackers over the last couple of years.
In June 2024, for example, thousands of procedures at London hospitals were cancelled following a cyber attack on blood testing company Synnovis, claimed by the Russian-speaking ransomware group Qilin.
Similarly, last November Wirral University Teaching Hospital Trust in Merseyside was hit by a major cybersecurity incident that led to appointments being cancelled.
This latest attack highlights the risks of poor vendor security management within the NHS, according to Dray Agha, senior manager of security operations at Huntress.
“The breach reportedly stemmed from a recently discovered exploit in third-party software. This is a stark reminder that healthcare security isn’t solely about the NHS trusts’ own systems,” said Agha.
“Robust vendor risk management, continuous vulnerability patching across the entire digital supply chain, and swift incident response coordination with suppliers are absolutely critical defences.”
The NHS is all too aware of the problems it faces with regard to cyber threats, and recently launched a new cybersecurity charter aimed at strengthening vendor security practices.
Suppliers will be asked to adhere to eight core principles, including staying up to date with the latest patches, applying multi-factor authentication (MFA) on their networks and systems, keeping ‘immutable’ backups of all critical business data and conducting round-the-clock threat monitoring.
MORE FROM ITPRO
Source link
