- An NHS organization was beaten with a cyber attack
- The attack occurred in May 2024 but was never publicly revealed
- The attack against NHS professionals seems to have been a failed ransomware attempt
A cyber attack aimed at NHS professionals, a private company owned by the Department of Health and Social Care, resulted in theft of Active Directory data, however, the violation was never publicly revealed, although the attack occurred in May 2024.
A report of The registrationCiting a Deloitte incident report, notes attackers used a compromised Citrix account to obtain initial access.
Once inside, the attackers stole a “highly valuable NTDS.DIT file and dedicated themselves to an additional malicious activity.” The criminals moved laterally within the organization’s network using access to RDP and SMB Share, although it is not clear how their privileges increased due to the domain administrator level.
An important event
NHS Professionals provides temporary personnel to NHS trusts in England, and the site has more than 190,000 registered health professionals, as well as more than 1,000 employees.
Internal comments say it is suspected that the attack is linked to a scattered spider, and seemed to be an attempt to attack ransomware, perhaps similar to ransomware attacks carried out by the group previously in 2025 aimed at three huge retailers in the United Kingdom.
The Deloitte report also cites a lack of authentication of multiple factors (MFA) in domain accounts as one of the main reasons why the attackers were allowed to access. Along with this, the organization did not have solutions for detection and end -point response implemented throughout its environment, which means that criminals could move inside the network without being detected.
“Our cybersecurity systems and future mitigation did not ensure an interruption of our services, and we discovered that the data or other information did not compromise, despite the attempt,” confirmed a spokesman for the national health service professionals.
“We work quickly and closely with the key NHS England partners and the Department of Health and Social Care, and the Information Commissioner’s Office, to investigate this incident.”
“The NHS Professionals is committed to the highest cyber security standards and meets the strict requirements around information governance. We continue to keep vigilants according to our security policies and procedures.”
