- An NHS organization was struck by a cyber attack
- The attack occurred in May 2024 but was never publicly disclosed
- Attack on NHS professionals seems to have been a failed ransomware attempt
A cyber attack targeting NHS professionals, a private company held by the Ministry of Health and Social Coins, led to the theft of its Active Directory data – but the violation was never publicly disclosed, despite the attack in May 2024.
A report of The registerCiting a Deloitte incident report, the notes attackers used a Citrix Compromis account to obtain initial access.
Once inside, the attackers stole a “very precious NTDS file and engaged in a new malicious activity”. The criminals moved laterally inside the organization network using access to RDP and SMB sharing, although it is not clear how they increased their privileges in the domain administration level.
A major event
NHS Professionals provides temporary staff to NHS trustees across England, and the site has more than 190,000 registered health professionals, as well as more than 1,000 employees.
The initiate’s comments say that the attack is suspected of being linked to Spottered Spider and seemed to be an attempt to attack Ransomware – perhaps similar to the ransomware attacks carried out by the group earlier in 2025 targeting three huge British retailers.
The Deloitte report also quotes a lack of multi-factor authentication (MFA) on domain accounts as one of the main reasons why the attackers were authorized to access. At the same time, the organization had no detection and final point response solutions deployed in all its environment, which means that criminals could move to the unteashed network.
“Our cybersecurity systems and our future attenuation have provided no disruption of our services, and we found that no data or other information was compromised, despite the attempt,” confirmed a spokesperson for national health professionals.
“We worked quickly and in close collaboration with the key partners NHS England and the Ministry of Health and Social Coins, and the Office of the Information Commissioner, to investigate this incident.”
“NHS professionals are attached to the highest standards of cybersecurity and comply with strict requirements concerning information governance. We continue to remain vigilant according to our security policies and procedures.”
