A “wake up call” for the NHS: Cyber hack raises fears over patient data security

If you received care at a hospital managed by University College London Hospitals or University Hospital Southampton, your personal data could have been exposed. 

Two of the UK’s leading NHS trusts – University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust – have been named in connection with a serious cyberattack that may have compromised patient and staff data. 

Here’s what cybersecurity experts have revealed so far:  

  • The breach was not a ransomware attack. Instead, attackers accessed systems covertly and extracted data by exploiting a software flaw 
  • The hackers exploited a vulnerability in Ivanti Endpoint Manager Mobile (EPMM), a software tool used to manage staff devices 
  • The software weakness was discovered on 15 May. It has now been fixed, but it is unclear whether systems previously exploited could still be vulnerable. 

What information was accessed?

The exposed data reportedly includes: 

  • Staff phone numbers 
  • IMEI numbers (used to identify individual mobile devices) 
  • Authentication tokens (used to access internal systems). 

While the full extent of the breach is still being assessed, experts warn that this type of access could also lead to unauthorised entry into other IT systems managed by the NHS – including potentially sensitive patient records and medical data. 

One leading cybersecurity expert has described the breach as a “wake-up call for the healthcare system”. He has warned of the risk – not only to personal data – but across the NHS, potentially impacting critical hospital operations, appointments, surgeries, and systems and medical devices essential for patient care. 

What can you do if you think you could be affected?

While the scale of the breach has not been confirmed, if you were treated at any of the hospitals managed by University College London Hospitals or University Hospital Southampton, your personal data could be compromised. This means you should be vigilant for signs of identity fraud, suspicious communications, or unusual activity related to your medical records. 

Hospitals managed by these trusts include:  

University College London Hospitals NHS Foundation Trust

  • Elizabeth Garrett Anderson Wing
  • Hospital for Tropical Diseases
  • Institute of Sport, Exercise and Health
  • National Hospital for Neurology and Neurosurgery
  • Royal London Hospital for Integrated Medicine
  • Royal National ENT and Eastman Dental Hospitals
  • University College Hospital
  • University College Hospital at Westmoreland Street
  • University College Hospital Grafton Way Building
  • University College Hospital Macmillan Cancer Centre

University Hospital Southampton NHS Foundation Trust

  • Southampton General Hospital
  • Princess Anne Hospital
  • New Forest Birth Centre
  • Royal South Hants Hospital
  • Lymington New Forest Hospital

Could you be due compensation?

Patients have the right to hold organisations accountable when their sensitive information is mishandled. And, under UK data protection law, you may be entitled to compensation if your information was compromised due to inadequate security practices. 

We have spoken to lawyers who are currently investigating a potential group legal action. If you think you might be able to join a claim, check your eligibility now.

Check your eligibility now

Found this helpful? Share it

Facebook
Twitter
WhatsApp
LinkedIn
Email

Or

You may also like:

Can BMW drivers claim compensation for the diesel emissions scandal?

BMW faces legal action over emissions-cheating software. Learn what the scandal involves, who is affected, and what it means for UK diesel car owners.

Asda equal pay claim: Can store workers fight for fair wages?

Asda store workers may be underpaid. Check if you qualify for an equal pay claim and take action to seek the compensation you deserve.

Capita data breach: Legal response & ongoing investigations

Capita’s data breach exposed pension holders’ personal data. Stay updated on the latest legal action, investigations, and regulatory responses.

You might also like

See more resources

Several bottles of Johnson's baby powder on a store shelf, symbolising the Johnson and Johnson talc lawsuit over alleged asbestos contamination and cancer risks.
  • Health & Medical, News

Johnson & Johnson talc lawsuit in the UK: What you need to know

A UK lawsuit claims Johnson & Johnson’s talc products cause cancer. Learn about the case,...
Low-angle view of people walking in a city, symbolising unity and collective action, related to key facts about group litigation for seeking justice.
  • News

10 must-know facts about group litigation for first-time claimants

Discover 10 essential facts about group litigation for first-time claimants. Learn how joining a group...
  • News, Travel

How to claim compensation for flight delays or cancellations in the UK

Delayed 3+ hours or had a cancelled flight? You could claim up to £520 under...

Did you know we have a newsletter?

Sign up for our newsletter to stay up to date.

We connect consumers with their legal dream teams to ensure they get the compensation and support they deserve.

claims
About
Legal
Connect

Join the Claim is not a law firm. We connect individuals with top law firms for group action claims, and our service is free to use. While we may receive a fee from the law firms we introduce you to, this will not affect your costs or compensation. We are not responsible for the advice or services provided by these firms. Please note, nothing on this website is legal advice, and while we check claim eligibility, we cannot guarantee a law firm will accept a case.

Join the Claim is a registered trading name of Big on Media ltd. Big on Media is registered in the United Kingdom under licence number 09878028 with its registered office located at Big on Media, 6 Sunderland Street, Tickhill, Doncaster, DN11 9QJ

© Join the Claim All Rights Reserved | 2025

Go to claims