After Legal Aid Agency breach, more woe for the Public Sector as two NHS Trusts are hacked
The trend of high-profile cyberattacks on key UK organisations continued earlier this month, when two NHS Trusts were hit by a significant breach originating from a flaw in a third-party provider’s app.
Not only did these attacks highlight ongoing vulnerabilities within public sector organisations, but they also underscored the risks that can arise from weaknesses in an organisation’s supply chain. The two Trusts—University College London Hospitals and University Hospital Southampton NHS Foundation Trust—were breached after a flaw in third-party supplier Ivanti’s Endpoint Manager Mobile was exploited.
READ MORE: New Report Reveals €3.2 Billion Cybersecurity Impact on All-Island Economy as Cyber Ireland and NI Cyber Sign MoU
Ivanti’s tool is used to manage employee mobile devices. While both Trusts were confident that no patient data was accessed, attackers did obtain staff mobile numbers and IMEI numbers (unique codes used to identify phones on mobile networks). The breach has had global ramifications, with government agencies and businesses across Europe and Asia also reportedly affected.
This attack is significant for two reasons. First, it reinforces the growing threat public sector organisations face from cybercriminals. This shouldn’t come as a surprise, but with too many organisations only reacting after a breach, this incident must act as yet another wake-up call. Second, it highlights that no matter how much is invested in frontline cybersecurity, vulnerabilities within the supply chain can render that investment ineffective by leaving ‘back doors’ open.
The public sector, particularly healthcare, has been severely impacted by supply chain attacks in recent years, most notably the Synnovis attack, which significantly disrupted hospital operations and patient care. However, there are ways forward, as AJ Thompson, CCO at Northdoor plc, explains:
“This breach is yet another reminder that cybercriminals are constantly searching for entry points into organisations holding valuable or sensitive data. Increasingly, they are turning to supply chain partners as the path of least resistance.
“The Synnovis incident, along with the attack via Ivanti technology, shows just how important it is for organisations to fully understand the vulnerabilities within their partner networks and to close them before they can be exploited.
“Supply chains today are often large and complex, and for public sector organisations operating with constrained budgets and limited internal resources, keeping up with emerging threats across their partner ecosystem can feel daunting. Traditional methods like surveys and questionnaires, which rely on the honesty and knowledge of third-party IT teams, are no longer enough.
“The good news is that technology is evolving. New tools now provide organisations with a 360-degree view of risks across their supply chains, enabling proactive conversations with partners to close vulnerabilities before they can be exploited.
“With threats growing in sophistication and scale, visibility into your supply chain risks is no longer optional—it’s essential,” concluded Thompson.
Read the latest edition, Summer 2025, of Sync NI here completely free of charge.
Subscribe to the Sync NI newsletter for all the latest technology news, jobs and upcoming events in Northern Ireland.
Visit Sync NI online for the latest technology news in Northern Ireland.
