NHS Faces Cyber Threat After Hackers Steal Thousands of Passwords

Hackers have stolen login credentials from thousands of NHS employees in the UK, compromising about 2,000 computers used by staff. The stolen data includes passwords for internal NHS email systems, Zoom, Zendesk, Salesforce, and NHS.uk. The hackers used an infostealer tool, which collects session cookies to bypass multifactor authentication. The stolen credentials could potentially enable unauthorized access to critical infrastructure.

July 2, 2025

Hackers have stolen login credentials from thousands of NHS employees in the UK, compromising about 2,000 computers used by staff. The stolen data includes passwords for internal NHS email systems, Zoom, Zendesk, Salesforce, and NHS.uk. The hackers used an infostealer tool, which collects session cookies to bypass multifactor authentication. The stolen credentials could potentially enable unauthorized access to critical infrastructure.

The breach was detected by Hudson Rock, a cybersecurity firm based in Tel Aviv, which analyzed the data stolen from infected computers. Hudson Rock purchased the stolen data from cybercriminals and found that the credentials were used to access internal NHS systems. The compromised credentials included logins for electronic health record suppliers and administrator accounts, which could potentially be abused to access sensitive internal systems.

The NHS has been the victim of several highly disruptive cyberattacks in recent years. In 2022, a hack on an NHS contractor disrupted doctors’ access to patient records and caused widespread disruption. An attack on another contractor last year resulted in thousands of canceled appointments at hospitals in London, causing the death of one patient and serious harm to others.

The concern is that the scourge of infostealers could lead to yet another NHS breach. Similar types of attacks have caused damage to the health sector in other countries. A crippling ransomware attack on the UnitedHealth Group Inc. subsidiary Change Healthcare last year, for instance, disrupted payment systems used by thousands of hospitals, insurers, and pharmacies.

The NHS has implemented multifactor authentication as an additional security measure to prevent cybercriminals from accessing staff accounts. However, the stolen credentials could still pose a risk to patient safety and the integrity of NHS systems.

Investors should be aware of the potential financial implications of such a breach. Cybersecurity incidents can lead to significant financial losses, including the cost of remediation, legal fees, and potential fines. Additionally, a breach of this magnitude could damage the reputation of the NHS and have long-term effects on patient trust and confidence.

To mitigate these risks, investors should consider the cybersecurity posture of healthcare organizations and the measures they have in place to protect sensitive data. Strong password policies, multi-factor authentication, and regular vulnerability scanning are essential to securing sensitive systems.

References:
[1] https://www.bloomberg.com/news/newsletters/2025-08-06/hackers-steal-passwords-from-uk-s-nhs-with-sneaky-malware-tool-me0dvm6i