{"id":23914,"date":"2025-08-07T06:16:25","date_gmt":"2025-08-07T06:16:25","guid":{"rendered":"https:\/\/www.insurancejournal.com\/?p=834859"},"modified":"2025-08-07T06:16:25","modified_gmt":"2025-08-07T06:16:25","slug":"hackers-steal-passwords-from-uks-nhs-with-sneaky-malware-tool","status":"publish","type":"post","link":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/2025\/08\/07\/hackers-steal-passwords-from-uks-nhs-with-sneaky-malware-tool\/","title":{"rendered":"Hackers Steal Passwords From UK\u2019s NHS With Sneaky Malware Tool"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.insurancejournal.com\/app\/uploads\/2025\/08\/nhs-logo-on-laboratory-coats-bloomberg-580x387.jpg\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.insurancejournal.com\/app\/uploads\/2025\/08\/nhs-logo-on-laboratory-coats-bloomberg-scaled.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<div class=\"article-content clearfix\">\n<p class=\"bloomberg\">Hackers have stolen login credentials from thousands of people working with the UK\u2019s National Health Service, putting the organization at risk of further cyberattacks, according to researchers.<\/p>\n<p>The data theft is linked to a kind of malicious software known as an infostealer, which infects targeted computers and covertly gathers login credentials that hackers can then use to gain access to an organization\u2019s internal systems.<\/p>\n<p>About 2,000 
computers used by people working with the National Health Service, or NHS, which runs hospitals and clinics across the country, have been compromised by infostealers, according to an analysis by the Tel Aviv-based cybersecurity firm <a href=\"https:\/\/www.hudsonrock.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Hudson Rock<\/a>.<\/p>\n<p>A spokesperson for NHS England didn\u2019t directly address Hudson Rock\u2019s allegations. However, the spokesperson said the agency has worked closely with cybersecurity partners, including the National Cyber Security Centre, to manage risks and provide \u201c24\/7\u201d cyber monitoring and incident response across the national health service. That includes using a \u201chigh-severity alert system\u201d that enables trusts to prioritize the most critical vulnerabilities and remediate them as soon as possible, the spokesperson said.<\/p>\n<p>The NHS also used multifactor authentication as an additional security measure to prevent cyber criminals from accessing staff accounts, the spokesperson said.<\/p>\n<p>Many of the stolen credentials are for accounts that have been registered with an NHS.net email address, meaning they belong to an NHS employee or affiliate, such as a pharmacist or an IT consultant, according to Hudson Rock. 
The credentials were stolen between 2020 and 2025 and include passwords for internal NHS email systems and for other platforms such as Zoom, Zendesk, Salesforce and NHS.uk, according to the analysis.<\/p>\n<p>Crucially, the infostealers don\u2019t just harvest passwords \u2014 they often collect session cookies from the computers they infect, which can enable hackers to spoof legitimate logins and bypass multifactor authentication.<\/p>\n<p>\u201cThese credentials could potentially enable unauthorized access to critical infrastructure,\u201d according to Alon Gal, Hudson Rock\u2019s co-founder and chief technology officer.<\/p>\n<p>Around 200 of the employees have had their computers compromised by infostealers so far in 2025, Gal said in a message to Bloomberg News. Hudson Rock purchased the stolen data from cyber criminals and used it for its analysis. It\u2019s not uncommon for cybersecurity researchers to analyze data stolen by hackers.<\/p>\n<p>The stolen data came directly from computers infected by infostealers, and other evidence supported its veracity, including users\u2019 browsing history and autofill information, Gal said, adding that the credentials also correlated with real people employed at NHS and other companies through LinkedIn and elsewhere.<\/p>\n<p>It isn\u2019t known if the stolen credentials have been used for more intrusive attacks at NHS.<\/p>\n<p>Saif Abed, a cybersecurity expert and former NHS doctor, said he had reviewed Hudson Rock\u2019s data and was alarmed by what he\u2019d seen. 
The stolen credentials included logins for electronic health record suppliers and credentials for administrator accounts, which could potentially be abused to access sensitive internal systems, he said.<\/p>\n<p>The NHS and its supply chain, Abed said, were \u201ccompromised at levels that are a threat to patient safety.\u201d He called for a national investigation into the health service\u2019s cybersecurity.<\/p>\n<p>The NHS has been the victim of several highly disruptive cyberattacks in recent years. In 2022, a hack on an NHS contractor disrupted doctors\u2019 access to patient records and caused widespread disruption. An attack on another contractor last year resulted in thousands of canceled appointments at hospitals in London, causing the death of one patient and serious harm to others, Bloomberg previously reported.<\/p>\n<p>The concern is that the scourge of infostealers could lead to yet another NHS breach. Similar types of attacks have caused damage to the health sector in other countries. A crippling ransomware attack on the UnitedHealth Group Inc. subsidiary Change Healthcare last year, for instance, disrupted payment systems used by thousands of hospitals, insurers and pharmacies.<\/p>\n<p>According to Change Healthcare, the breach occurred after hackers obtained a compromised credential from one of its employees. Hudson Rock linked that credential theft to an infostealer breach just days prior to the attack.<\/p>\n<p><em>Photograph: National Health Service branding on laboratory coats at Guy\u2019s and St Thomas\u2019s Hospital in London, UK, on Thursday, May 25, 2023. 
Photo credit: Jose Sarmento Matos\/Bloomberg.<\/em><\/p>\n<div class=\"copyright-notice quiet\">Copyright 2025 Bloomberg.<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Hackers have stolen login credentials from thousands of people working with the UK\u2019s National Health Service, putting the organization at risk of further cyberattacks, according to researchers. 
The data theft is&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":23915,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[33,746,1568,24,1569,1570,1,1436,1437,1571],"jetpack_featured_media_url":"https:\/\/blog.lifeinsurance-orleans.ca\/wp-content\/uploads\/2025\/08\/hackers-steal-passwords-from-uks-nhs-with-sneaky-malware-tool.jpg","_links":{"self":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/posts\/23914"}],"collection":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/comments?post=23914"}],"version-history":[{"count":0,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/posts\/23914\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/media\/23915"}],"wp:attachment":[{"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/media?parent=23914"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/categories?post=23914"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.lifeinsurance-orleans.ca\/index.php\/wp-json\/wp\/v2\/tags?post=23914"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}