University College London Hospitals (UCLH) and University Hospital Southampton have been hit by a cyber attack involving a known vulnerability in mobile device management software. The breach, confirmed earlier in May 2025, has prompted a joint investigation led by NHS England and the National Cyber Security Centre (NCSC).
Hackers exploited a flaw in Ivanti Endpoint Manager Mobile, a widely used mobile device management tool. The vulnerability, now patched, could be chained to allow unauthenticated remote code execution, enabling attackers to run malicious programs within affected systems.
According to cybersecurity analysts at EclecticIQ, threat actors operating from an IP address linked to China used the vulnerability to gain access and control over target systems. Although Ivanti confirmed the flaw has been fixed, the severity of the exploit raises concerns about broader network access, including the possibility of entry into sensitive systems like electronic patient records.
UCLH acknowledged that its mobile device management software was briefly compromised. While no patient data or staff passwords were involved, the breached system did contain staff mobile phone numbers and IMEI identifiers. Impacted staff members are being contacted directly.
A UCLH spokesperson assured that the issue was quickly resolved, and investigations are ongoing:
“We want to reassure patients and staff that we are committed to protecting their data and privacy. We are working closely with NHS England’s cyber security response team to thoroughly investigate the incident.”
NHS England confirmed that while clinical services remain unaffected, it is treating the incident as a serious cyber event. They emphasised there is currently no evidence of patient data compromise, but confirmed 24/7 cybersecurity monitoring is in place across NHS systems.
“We’re investigating this potential breach with our cybersecurity partners, and supporting the affected trusts to ensure swift mitigation.”
Experts warn that this attack is part of a broader trend in which healthcare systems are being targeted through third-party software vulnerabilities.
The NCSC has also issued a warning, urging all organisations using Ivanti software to implement vendor-recommended security updates and mitigation steps without delay.
This incident highlights the growing cyber risk associated with mobile device software in healthcare. As hospitals and NHS trusts rely more heavily on mobile technology for operational efficiency and remote access, mobile security must be given equal priority alongside traditional IT systems.
Key Cybersecurity Takeaways for NHS Trusts and Healthcare Providers:
Audit third-party software dependencies, especially those with elevated access to internal systems
Implement mobile device management (MDM) policies with security-first configurations
Deploy multi-factor authentication (MFA) across all access points, including mobile
Regularly update and patch all systems to mitigate known vulnerabilities
Strengthen incident response plans and ensure staff are trained to report and respond to suspicious activity
The recent cyber incident involving Ivanti software at UCLH and University Hospital Southampton serves as a wake-up call for healthcare cybersecurity. Even when patient data is not directly exposed, the presence of exploitable vulnerabilities in mobile device software can threaten operational integrity and trust.
NHS and health organisations must move beyond reactive defence and adopt proactive security strategies.