Are you affected by the latest NHS Trusts (Ivanti) data breach? If so, you might be due compensation and justice.
No-win, no-fee
Expert help
Save time
Get compensation
Overview
If you received care at a hospital managed by the University College London Hospitals Trust or the University Hospital Southampton Trust, your personal data could have been exposed in a serious cyberattack.
The breach involved the Ivanti Endpoint Manager Mobile (EPMM), a tool used by organisations to manage staff mobiles. While the full extent of the cyberattack is still being assessed, experts have warned this type of breach could lead to unauthorised access of potentially sensitive NHS patient records and medical data.
One leading cybersecurity expert has described the breach as a “wake-up call for the healthcare system”. He also said the hack could compromise personal data, critical hospital operations, appointments, surgeries, systems, and medical devices essential for patient care.
If you were treated at any of the hospitals managed by either of these trusts, your personal data could be at risk.
Under UK data protection law, you may be entitled to compensation if your information was compromised due to inadequate security practices. We have spoken to lawyers who are currently investigating a potential group legal action. If you think you might be eligible to join a claim, check your eligibility now.
NHS Trust breach – At a glance
Deadline
Claim pending
What do we know about the NHS Trust data breach?
Can you claim compensation for the Ivanti NHS Trust data breach?
Think you might be owed compensation? Use our quick checker to find out. If you’re potentially eligible, register to get key updates – and we’ll let you know if a claim goes ahead.
Answer a few quick questions to see if you could be part of a future claim.
Sign up for updates - and we’ll alert you if a claim is launched.
If we find a suitable claim, we’ll let you know what to do next.
A cyberattack exploited vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), a widely used software tool for managing mobile devices. As a result, two NHS Trusts – University College London Hospitals and University Hospital Southampton – had data accessed without authorisation.
Ivanti discovered the critical vulnerabilities on 15 May 2025, and reports of the NHS Trusts being affected emerged on 28 May 2025.
The exposed data reportedly includes staff phone numbers, IMEI numbers (used to identify individual mobile devices) and authentication tokens (used to access internal systems).
While the full extent of the breach is still being assessed, experts warn sensitive patient records and medical data could also be at risk.
While the scale of the breach has not been confirmed, if you were treated at any of the hospitals managed by University College London Hospitals or University Hospital Southampton, your personal data could be compromised. Hospitals managed by these trusts include:
If you are a patient of one of the affected Trusts and are concerned:
Patients have the right to hold organisations accountable when their sensitive information is mishandled. And, under UK data protection law, you may be entitled to compensation if your information was compromised due to inadequate security practices.
We cannot say how much compensation you might get if you win your data breach case. Each claim is based on its merits and your solicitor will work to get the compensation owed to you.
In the UK, if a group of people have experienced loss, or otherwise been harmed by an organisation’s law breaking, they can come together to fight for justice. Levelling the playing field when standing up to big businesses, group actions prove that there is strength in numbers. At Join the Claim, we bring consumers and law firms together to ensure these group actions are as powerful as possible.
We won’t charge you a single penny. And we ensure any law firms we connect you with operate on a no-win-no-fee basis. If you win, the law firm will either take its fees from your compensation payment or recover these from the defendants.
Want the full picture, including what to check before signing? Read our complete guide to no win, no fee agreements here.
28 May 2025
News outlets - including Join the Claim - report that University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust have been affected by the cyberattack. NHS England confirms it is monitoring the situation in collaboration with cybersecurity partners, including the National Cyber Security Centre (NCSC).
15 May 2025
A critical vulnerability is discovered in Ivanti Endpoint Manager Mobile (EPMM), a tool used by organisations to manage employee mobile devices. The flaw, when exploited, allows unauthorised access to internal systems, potentially compromising sensitive patient data.
We’ll provide more updates on this case as they happen.
Find out if you could potentially join a future no-win, no-fee NHS Trusts data breach claim.
It will only take a few minutes, and there’s no obligation to proceed.
We connect consumers with their legal dream teams to ensure they get the compensation and support they deserve.
Join the Claim is not a law firm. We connect individuals with top law firms for group action claims, and our service is free to use. While we may receive a fee from the law firms we introduce you to, this will not affect your costs or compensation. We are not responsible for the advice or services provided by these firms. Please note, nothing on this website is legal advice, and while we check claim eligibility, we cannot guarantee a law firm will accept a case.
Join the Claim is a registered trading name of Big on Media ltd. Big on Media is registered in the United Kingdom under licence number 09878028 with its registered office located at Big on Media, 6 Sunderland Street, Tickhill, Doncaster, DN11 9QJ
© Join the Claim All Rights Reserved | 2025
