NHS Cyberattack: Why Small Businesses Should Take Note
By Luke Sanders
Recent cyberattacks on NHS trusts have once again highlighted the critical importance of cybersecurity in today's digital landscape. While large organizations like the NHS often make headlines when breached, small businesses should pay close attention to these incidents as they contain valuable lessons applicable to organizations of all sizes. This article examines the recent NHS cyberattack, its implications, and why small businesses should prioritize cybersecurity measures.
The Attack: What Happened
University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust were recently compromised through an exploit in Ivanti Endpoint Manager Mobile (EPMM) software, a program designed to help businesses manage employee phones. The vulnerability, discovered on May 15, 2025, allowed hackers to access, explore, and run programs on the targeted systems.
Unlike ransomware attacks that immediately announce their presence, this breach involved the clandestine theft of data. Security experts at EclecticIQ identified that the attackers accessed staff phone numbers, IMEI numbers, and technical data like authentication tokens. More concerning is that such breaches can enable hackers to access other sensitive information like patient records through remote code execution (RCE).
The Aftermath
The consequences of this cyberattack are far-reaching and multifaceted:
- Data Compromise: Sensitive information was stolen, potentially including highly confidential patient records.
- Operational Disruption: Such attacks can lead to canceled surgeries, delayed treatments, and medical device failures.
- Trust Erosion: Public confidence in the NHS's ability to safeguard both patient data and health has been significantly undermined.
- Regulatory Scrutiny: The incident has prompted involvement from the National Cyber Security Centre (NCSC), indicating the severity of the breach.
Key Lessons for Small Businesses
1. No Organization Is Too Small to Be Targeted
The attackers in this case used automated scans to find vulnerable systems rather than specifically targeting the NHS. Small businesses often mistakenly believe they're not valuable targets, but automated attacks don't discriminate by organization size; they exploit vulnerabilities wherever they exist.
2. Third-Party Software Creates Significant Risk
The breach occurred through a vulnerability in Ivanti's software, highlighting how third-party applications can create security gaps even with otherwise robust defenses. Small businesses typically rely heavily on third-party software, making this risk particularly relevant.
3. Prompt Patching Is Essential
While Ivanti released a fix for the vulnerability, systems that were already exploited remained at risk. This underscores the critical importance of applying security patches immediately upon release, a practice many small businesses neglect.
4. Detection Capabilities Are as Important as Prevention
The clandestine nature of the attack emphasizes the need for robust detection systems. Many small businesses focus solely on prevention (firewalls, antivirus) while neglecting detection capabilities that could identify when systems have been compromised.
Implementing These Lessons in Your Small Business
To better protect your small business from similar attacks, consider these practical steps:
- Implement a Vulnerability Management Program: Regularly scan your systems for vulnerabilities and prioritize patching based on risk.
- Audit Third-Party Software: Create an inventory of all third-party applications used in your business and monitor security advisories related to them.
- Deploy Detection Systems: Invest in tools that can detect unusual network activity or unauthorized access attempts.
- Create an Incident Response Plan: Develop and regularly test procedures for responding to security breaches.
- Train All Employees: Ensure your staff understands basic security principles and knows how to identify and report suspicious activities.
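One way to automate the inventory and advisory-monitoring steps above, as an added example that is not part of the original article: the script matches a software inventory against a feed laid out like CISA's Known Exploited Vulnerabilities JSON catalog and lists internet-facing systems first. The feed contents, placeholder CVE IDs, dates, host names and the match_inventory function are all constructed assumptions for illustration.

```python
import json
from datetime import date

# Constructed advisory feed using the field names of CISA's Known Exploited
# Vulnerabilities JSON catalog. CVE IDs and dates are placeholders, not real.
SAMPLE_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-00001", "vendorProject": "Ivanti",
     "product": "Endpoint Manager Mobile (EPMM)", "dueDate": "2025-06-09"},
    {"cveID": "CVE-0000-00002", "vendorProject": "ExampleSoft",
     "product": "Invoice Portal", "dueDate": "2025-07-01"},
]})

# Constructed inventory: one row per installed third-party product.
SAMPLE_INVENTORY = [
    {"vendor": "ivanti", "product": "Endpoint Manager Mobile",
     "host": "mdm01", "internet_facing": True},
    {"vendor": "ExampleSoft", "product": "Invoice Portal",
     "host": "fin-app", "internet_facing": False},
    {"vendor": "ExampleSoft", "product": "Payroll Desktop",
     "host": "hr-pc7", "internet_facing": False},
]

def _norm(text):
    """Lowercase and collapse whitespace so naming variants compare equal."""
    return " ".join(text.lower().split())

def match_inventory(inventory, feed_json, today):
    """Return advisory hits for inventory items, most urgent first."""
    findings = []
    for adv in json.loads(feed_json)["vulnerabilities"]:
        for item in inventory:
            if _norm(item["vendor"]) != _norm(adv["vendorProject"]):
                continue
            # Advisory product names often carry suffixes such as "(EPMM)",
            # so accept a substring match in either direction.
            a, b = _norm(item["product"]), _norm(adv["product"])
            if a not in b and b not in a:
                continue
            due = date.fromisoformat(adv["dueDate"])
            findings.append({"host": item["host"], "cve": adv["cveID"],
                             "internet_facing": item["internet_facing"],
                             "due": due, "overdue": today > due})
    # Exposed systems first (automated scans find those), then earliest due date.
    findings.sort(key=lambda f: (not f["internet_facing"], f["due"]))
    return findings

if __name__ == "__main__":
    for f in match_inventory(SAMPLE_INVENTORY, SAMPLE_FEED, date(2025, 6, 15)):
        print(f["host"], f["cve"], f["due"], "OVERDUE" if f["overdue"] else "open")
```

Substring matching on product names is deliberately loose, so review each hit by hand before treating it as a confirmed exposure.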
Conclusion
The NHS cyberattack serves as a stark reminder that cybersecurity is not just a concern for large organizations with vast resources. The same vulnerabilities, attack methods, and consequences apply to businesses of all sizes. In fact, small businesses often face greater relative impact from breaches, with 60% closing within six months of a significant cyber incident.
As Cody Barrow, chief executive of EclecticIQ, noted regarding the NHS attack: "This situation represents another urgent wake-up call." Small businesses would do well to heed this wake-up call before experiencing a breach firsthand. By implementing the lessons learned from high-profile incidents like the NHS attack, small businesses can significantly improve their security posture and protect their operations, data, and reputation in an increasingly hostile digital landscape.
