Ivanti Vulnerability Exploit Could Expose UK NHS Data

Two healthcare organizations in the UK are said to be among the victims of a malicious campaign involving the exploitation of a vulnerability linked to cybersecurity hardware provider Ivanti.
According to Netherlands-based cybersecurity company EclecticIQ, threat actors have attempted to exploit a vulnerability in Ivanti Endpoint Manager Mobile (EPMM).
The campaign targeted a wide range of organizations across several countries and regions, including Scandinavia, the UK, the US, Germany, Ireland, South Korea and Japan.
In the UK, two National Health Service (NHS) England trusts are among the targets and may have seen patient data exposed in the wild, according to EclecticIQ.
These are the University College London Hospitals NHS Foundation Trust and the University Hospital Southampton NHS Foundation Trust.
In a recent report, Sky News stated that it had been shown evidence indicating that both trusts have had their IT systems accessed maliciously.
Cody Barrow, CEO of EclecticIQ, also told Sky News that such an attack raises the “potential for unauthorized access to highly sensitive patient records,” including staff phone numbers, IMEI numbers and technical data like authentication tokens.
However, sources close to the matter told Infosecurity that there is currently no evidence to suggest patient data has been accessed.
Speaking to Infosecurity, NHS England said it is monitoring the situation and collaborating with the UK’s National Cyber Security Centre (NCSC).
“Health services are not currently affected, and patients should continue to use NHS services as normal,” an NHS England spokesperson also told Infosecurity.
“NHS England provides 24/7 cyber monitoring and incident response across the NHS, and we have a high severity alert system that enables trusts to prioritize the most critical vulnerabilities and remediate them as soon as possible,” they added.
Chained Exploit of Ivanti Vulnerabilities
According to the Sky News report, the Ivanti vulnerability exploited in this campaign was first discovered on May 15 and has since been fixed.
This could be linked to two recent vulnerabilities in Ivanti EPMM that were reported to the manufacturer by CERT-EU on May 13.
These two vulnerabilities, CVE-2025-4427 and CVE-2025-4428, with CVSS ratings of 5.3 and 7.2, respectively, were observed being exploited in the wild in a chained attack, as reported in a May 13 advisory by Ivanti.
When chained together, these vulnerabilities enable an attacker to bypass authentication using CVE-2025-4427 and subsequently exploit CVE-2025-4428 to achieve remote code execution, resulting in a critical impact.
Ivanti released a patch in its May 13 advisory. On May 15, security firm WatchTowr published a technical analysis and proof-of-concept exploit.
The EclecticIQ analysts told Sky News they have identified the hackers exploiting the Ivanti backdoor as having used an IP address based in China.
Additionally, their modus operandi is similar to that of previous China-based actors, suggesting that the attack likely originates from a Chinese-sponsored threat actor.
A security advisory addressing the vulnerabilities was also published by NHS England on May 14.
A Public Security Charter for Healthcare Vendors
Emran Ali, Associate Director of Cyber Security at Bridewell, commented: “Healthcare organizations are custodians of highly sensitive patient data, and a successful attack can lead not just to data theft, but clinical risks from manipulated or inaccessible records. These incidents often exploit vulnerabilities in the software supply chain, making third-party security a critical weak point.”
“We have seen recently the NHS’s call for technology vendors to sign a public security charter reflects a critical shift toward accountability in an increasingly complex digital supply chain,” he added.
“Addressing these challenges requires a holistic, continuous approach to vendor management, technical controls, and incident response – ensuring healthcare services can protect patient safety while meeting modern digital demands.”
In a recent healthcare security report, Netskope Threat Labs found that 81% of all data policy violations were for regulated healthcare data protected under legislation such as the EU’s and UK’s General Data Protection Regulation (GDPR).