Two NHS Trusts – University College London Hospitals and University Hospital Southampton – had data accessed after a cyberattack. Register your interest to stay informed and receive updates if this claim is taken forward by one of our partner law firms.
Join the Claim isn’t a law firm. We connect you with regulated UK firms that run group action claims. If one of our partner firms takes this case forward, we’ll share more details, including how to check your eligibility.
Register your interest
Overview
If you received care at a hospital managed by the University College London Hospitals Trust or the University Hospital Southampton Trust, your personal data could have been exposed in a serious cyberattack.
The breach involved the Ivanti Endpoint Manager Mobile (EPMM), a tool used by organisations to manage staff mobiles. While the full extent of the cyberattack is still being assessed, experts have warned this type of breach could lead to unauthorised access of potentially sensitive NHS patient records and medical data.
One leading cybersecurity expert has described the breach as a “wake-up call for the healthcare system”. He also said the hack could compromise personal data, critical hospital operations, appointments, surgeries, systems, and medical devices essential for patient care.
If you were treated at any of the hospitals managed by either of these trusts, your personal data could be at risk.
We are monitoring the situation closely. Register your interest and we’ll keep you updated if one of our regulated UK partner law firms is able to take this claim forward.
NHS Trust breach – At a glance
Status
Stay Informed
What do we know about the NHS Trust data breach?
Take a moment to answer a few simple questions so we can understand your connection and keep you updated.
Share your details so we can keep you informed if any updates become available.
If a partner law firm takes this claim forward, we’ll let you know the next steps and how to join.
A cyberattack exploited vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), a widely used software tool for managing mobile devices. As a result, two NHS Trusts – University College London Hospitals and University Hospital Southampton – had data accessed without authorisation.
Ivanti discovered the critical vulnerabilities on 15 May 2025, and reports of the NHS Trusts being affected emerged on 28 May 2025.
The exposed data reportedly includes staff phone numbers, IMEI numbers (used to identify individual mobile devices) and authentication tokens (used to access internal systems).
While the full extent of the breach is still being assessed, experts warn sensitive patient records and medical data could also be at risk.
While the scale of the breach has not been confirmed, if you were treated at any of the hospitals managed by University College London Hospitals or University Hospital Southampton, your personal data could be compromised. Hospitals managed by these trusts include:
If you are a patient of one of the affected Trusts and are concerned:
A group action claim allows people affected by the same issue to take action together. This strength in numbers helps stand up to big organisations. Join the Claim helps connect people with law firms so these actions have real impact.
No. Our service is completely free to consumers, and we’ll keep you updated if a claim you could join becomes available through our partner firms.
28 May 2025
News outlets - including Join the Claim - report that University College London Hospitals NHS Foundation Trust and University Hospital Southampton NHS Foundation Trust have been affected by the cyberattack. NHS England confirms it is monitoring the situation in collaboration with cybersecurity partners, including the National Cyber Security Centre (NCSC).
15 May 2025
A critical vulnerability is discovered in Ivanti Endpoint Manager Mobile (EPMM), a tool used by organisations to manage employee mobile devices. The flaw, when exploited, allows unauthorised access to internal systems, potentially compromising sensitive patient data.
We’ll provide more updates on this case as they happen.
If you were treated at any of the hospitals managed by University College London Hospitals or University Hospital Southampton, your personal data could be compromised.
Register to stay updated and we’ll let you know if a partner law firm takes this claim forward.
We connect consumers with their legal dream teams to ensure they get the compensation and support they deserve.
Join the Claim is not a law firm. We connect individuals with top law firms for group action claims, and our service is free to use. While we may receive a fee from the law firms we introduce you to, this will not affect your costs or compensation. We are not responsible for the advice or services provided by these firms. Please note, nothing on this website is legal advice, and while we check claim eligibility, we cannot guarantee a law firm will accept a case.
Join the Claim is a registered trading name of Big on Media ltd. Big on Media is registered in the United Kingdom under licence number 09878028 with its registered office located at Big on Media, 32 Eyre Street, Sheffield, England, S1 4QZ
© Join the Claim All Rights Reserved |
