Security News

UK NHS service recovery may take a month after MSP ransomware attack
2022-08-11 16:18

Managed service provider Advanced confirmed that a ransomware attack on its systems disrupted emergency services from the United Kingdom's National Health Service. Customers of seven solutions from the British MSP have been impacted either directly or indirectly, the company said.

UK NHS suffers outage after cyberattack on managed service provider
2022-08-05 22:43

United Kingdom's National Health Service 111 emergency services are affected by a significant and ongoing outage triggered by a cyberattack that hit the systems of British managed service provider Advanced. Advanced's Adastra client patient management solution, which is used by 85% of NHS 111 services, has been hit by a major outage together with several other services provided by the MSP, according to a status page.

Phishing operation hits NHS email accounts to harvest Microsoft credentials
2022-05-05 07:30

A phishing operation compromised over one hundred UK National Health Service employees' Microsoft Exchange email accounts for credential harvesting purposes, according to email security shop Inky. During the phishing campaign, which began in October 2021 and spiked in March 2022, the email security firm detected 1,157 phishing emails originating from NHSMail accounts that belonged to 139 NHS employees in England and Scotland.

Attackers hijack UK NHS email accounts to steal Microsoft logins
2022-05-04 18:17

For about half a year, work email accounts belonging to over 100 employees of the National Health System in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins. Attackers started using legitimate NHS email accounts in October last year after hijacking them and continued to use them in phishing activity through at least April 2022.

NHS Digital's demise bad for 55 million patients' privacy – ex-chairman
2022-03-04 11:53

Ten months after attempts first began to extract the medical information of 55 million citizens in England, NHS Digital's former chairman is warning the merger of the agency with NHS England threatens the privacy of people's personal data. The view was that if a patient had chosen to use the NHS they had implicitly agreed that their data could be used for the benefit of the NHS. Writing in trade publication the British Medical Journal, Kingsley Manning said health secretary Sajid Javid's decision to merge NHS Digital into NHS England and NHS Improvement last year was a "Retrograde step not least in the context of this government's clear intent to weaken the constraints on the use of patient data."

NHS urges orgs to apply security update for Okta Client RCE bug
2022-02-25 18:58

The UK's NHS Digital agency is warning organizations to apply new security updates for a remote code execution vulnerability in the Windows client for the Okta Advanced Server Access authentication management platform. "NHS Digital is the national digital, data and technology delivery partner for the NHS and social care system," explains the website for NHS Digital.

NHS Warns of Hackers Targeting Log4j Flaws in VMware Horizon
2022-01-07 23:04

The digital security team at the U.K. National Health Service has raised the alarm on active exploitation of Log4Shell vulnerabilities in unpatched VMware Horizon servers by an unknown threat actor to drop malicious web shells and establish persistence on affected networks for follow-on attacks. "The attack likely consists of a reconnaissance phase, where the attacker uses the Java Naming and Directory InterfaceTM via Log4Shell payloads to call back to malicious infrastructure," the non-departmental public body said in an alert.

NHS warns of hackers exploiting Log4Shell in VMware Horizon
2022-01-07 14:29

UK's National Health Service has published a cyber alert warning of an unknown threat group targeting VMware Horizon deployments with Log4Shell exploits. According to the NHS notice, the actor is leveraging the exploit to achieve remote code execution on vulnerable VMware Horizon deployments on public infrastructure.

East Londoners nicked under Computer Misuse Act after NHS vaccine passport app sprouted clump of fake entries
2021-12-16 16:04

British police have made a series of arrests over the past few months after people with apparent access to NHS databases allegedly sold fake vaccination status entries on the NHS vaccine passport app. Detective Superintendent Helen Rance said: "The staff at both trusts did the right thing and reported their concerns, which has allowed us to fully investigate the circumstances. I want to reassure the public that no systems were hacked into from outside of the NHS networks and the integrity of the NHS systems remains robust."

NHS Digital exposes hundreds of email addresses after BCC blunder copies in entire invite list to 'Let's talk cyber' event
2021-10-20 11:28

NHS Digital has scored a classic Mail All own-goal by dispatching not one, not two, not three, but four emails concerning an infosec breakfast briefing, each time copying the entirety of the invite list in on the messages. The first email sent yesterday morning thanked participants for "Registering for NHS Digital's Full Digital Breakfast: Let's talk cyber, scheduled for Thursday 21 October 2021, 8:00-9:00am."