Threat to Patient Safety: Hackers Compromise 2,000 NHS Computers with Infostealer Malware

The National Health Service (NHS) in the United Kingdom has been hit by a sophisticated cyberattack, with hackers stealing login credentials from thousands of employees and compromising over 2,000 computers. The data theft is linked to an infostealer, a type of malicious software that infects targeted computers and gathers login credentials covertly.

According to researchers at Hudson Rock, a Tel Aviv-based cybersecurity firm, the infostealers have stolen passwords for internal NHS email systems, as well as for platforms such as Zoom, Zendesk, Salesforce, and NHS.uk. The compromised data includes passwords registered with an NHS.net email address, which belong to NHS employees or affiliates.

The breach is believed to have occurred between 2020 and 2025, with around 200 employees having had their computers infected by infostealers so far in 2025. Hudson Rock purchased the stolen data from cybercriminals and used it for its analysis.

The analysis by Hudson Rock reveals that the infostealers not only harvest passwords but also collect session cookies, which can enable hackers to spoof legitimate logins and bypass multifactor authentication. This increases the risk of unauthorized access to critical infrastructure.

Alon Gal, co-founder and chief technology officer at Hudson Rock, warned that the stolen credentials could be used for more intrusive attacks on the NHS. "These credentials could enable unauthorized access to critical infrastructure," he said in a statement.

Cybersecurity expert Saif Abed, a former NHS doctor, reviewed Hudson Rock's data and expressed alarm at what he saw. The stolen credentials included logins for electronic health record suppliers and administrator accounts, which could be abused to access sensitive internal systems.

Abed called for a national investigation into the NHS's cybersecurity, stating that the health service was "compromised at levels that are a threat to patient safety." He also highlighted the need for improved security measures and increased awareness among employees.

The NHS has been the victim of several highly disruptive cyberattacks in recent years. In 2022, a hack on an NHS contractor cut off doctors' access to patient records, causing widespread disruption. An attack on another contractor last year resulted in thousands of canceled appointments at hospitals in London, causing the death of one patient and serious harm to others.

The concern is that the scourge of infostealers could lead to yet another NHS breach. Similar types of attacks have caused damage to the health sector in other countries, such as a crippling ransomware attack on the UnitedHealth Group Inc. subsidiary Change Healthcare last year.

A National Investigation Needed

The NHS must take immediate action to address this breach and prevent further cyberattacks. A national investigation into the health service's cybersecurity is long overdue, and it is essential that those responsible are held accountable.

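Improved security measures, such as multifactor authentication, must be implemented across all NHS systems. Because stolen session cookies can bypass multifactor authentication, as noted above, passwords and active sessions tied to infected computers also need to be reset and revoked. Additionally, increased awareness and training for employees are necessary to prevent similar breaches in the future.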

The breach of NHS computers by infostealers highlights the ongoing threat of cyberattacks to public health services. It is crucial that governments, healthcare organizations, and cybersecurity experts work together to address this issue and ensure patient safety.