A cyberattack on NHS Professionals, a private company owned by the Department of Health and Social Care, resulted in the theft of its Active Directory data in May 2024.
The breach was not publicly disclosed. Attackers used a compromised Citrix account to gain initial access.
Attackers stole the ntds.dit file, the Active Directory database that holds the domain's account password hashes, and moved laterally through the network using RDP and SMB share access.
It's unclear how the attackers escalated their privileges up to the domain admin level.
NHS Professionals provides temporary staff to NHS trusts and has over 190,000 healthcare professionals registered.
The cyberattack is suspected to be linked to Scattered Spider and may have been an attempted ransomware attack.
A lack of multi-factor authentication on domain accounts was a primary reason for the security breach.
The organisation also lacked endpoint detection and response solutions, allowing attackers to move undetected.
NHS Professionals confirmed no disruption to services and no compromised data or information.
The company worked with NHS England, the Department of Health and Social Care, and the Information Commissioner's Office to investigate the cyberattack.
NHS Professionals emphasized its commitment to high cybersecurity standards and compliance with information governance requirements.