NHS recruitment firm had major security bugs which could have exposed entire systems

Cybercriminals stole the Active Directory database (the ntds.dit file) belonging to NHS Professionals.

Jun 13, 2025 - 11:07

  • An NHS organisation was hit with a cyberattack
  • The attack occurred in May 2024 but was never publicly disclosed
  • Attack against NHS Professionals looks to have been a failed ransomware attempt

A cyberattack targeting NHS Professionals, a private company owned by the Department of Health and Social Care, resulted in the theft of its Active Directory database. The breach was never publicly disclosed, despite the attack occurring in May 2024.

A report from The Register, quoting a Deloitte incident report, notes that the attackers used a compromised Citrix account to gain initial access.

Once inside, the attackers stole a "highly valuable ntds.dit file and engaged in further malicious activity". The ntds.dit file is the Active Directory database and holds the password hashes of every domain account, so a copy taken off a domain controller lets attackers crack or reuse those credentials offline. The criminals moved laterally inside the organisation's network using RDP and SMB share access, although it is not clear how they escalated their privileges up to domain admin level.
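The attack chain above (ntds.dit extraction on a domain controller, followed by RDP and SMB share access from a single pivot host) is the kind of activity an EDR or SIEM rule should surface. The following is an added example, not code from the article or the Deloitte report: a small detector that runs over constructed Windows Security event records and flags both behaviours. The event IDs and field names are the standard ones from the Windows Security log (4688 process creation, 4624 logon with LogonType, 5140 network share access); the host names, user, IP address and the particular ntds.dit extraction commands are assumptions made for the example, since the article does not say how the file was taken.

```python
import re
from collections import defaultdict

# Common ways ntds.dit is copied off a domain controller. The article does not
# say which method was used; these patterns are assumptions for this example.
NTDS_PATTERNS = [
    re.compile(r"\bntdsutil\b.*\bifm\b", re.I),            # ntdsutil "ac i ntds" "ifm" "create full ..."
    re.compile(r"\bvssadmin\b.*\bcreate\s+shadow", re.I),  # shadow copy to read the locked database
    re.compile(r"ntds\.dit", re.I),                        # any command line naming the file directly
]

# Administrative shares as they appear in the ShareName field of event 5140.
ADMIN_SHARES = {"\\\\*\\ADMIN$", "\\\\*\\C$", "\\\\*\\IPC$"}
RDP_LOGON = 10      # LogonType 10: RemoteInteractive (RDP)
NETWORK_LOGON = 3   # LogonType 3: network logon, which SMB share access produces


def analyze(events, host_threshold=2):
    """Scan security events and return ntds.dit extraction alerts plus
    source IPs that reached at least `host_threshold` distinct hosts over
    RDP or SMB (a simple lateral-movement heuristic)."""
    ntds_alerts = []
    hosts_by_source = defaultdict(set)
    for ev in events:
        eid = ev["EventID"]
        if eid == 4688:  # process creation
            cmd = ev.get("CommandLine", "")
            if any(p.search(cmd) for p in NTDS_PATTERNS):
                ntds_alerts.append(f"{ev['Host']}: {ev['User']} ran {cmd}")
        elif eid == 4624 and ev.get("LogonType") in (RDP_LOGON, NETWORK_LOGON):
            hosts_by_source[ev["SourceIP"]].add(ev["Host"])
        elif eid == 5140 and ev.get("ShareName") in ADMIN_SHARES:
            hosts_by_source[ev["SourceIP"]].add(ev["Host"])
    lateral = {ip: sorted(hosts) for ip, hosts in hosts_by_source.items()
               if len(hosts) >= host_threshold}
    return {"ntds_alerts": ntds_alerts, "lateral_movement": lateral}


# Constructed sample events: a compromised account on a pivot host (10.20.0.15)
# reaches two servers over RDP and SMB, then dumps ntds.dit on the DC.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Host": "FILE01", "User": "svc_backup", "LogonType": 10, "SourceIP": "10.20.0.15"},
    {"EventID": 5140, "Host": "DC01", "User": "svc_backup", "ShareName": "\\\\*\\ADMIN$", "SourceIP": "10.20.0.15"},
    {"EventID": 4624, "Host": "DC01", "User": "svc_backup", "LogonType": 3, "SourceIP": "10.20.0.15"},
    {"EventID": 4688, "Host": "DC01", "User": "svc_backup",
     "CommandLine": 'ntdsutil.exe "ac i ntds" "ifm" "create full C:\\temp\\ifm" q q'},
    # Benign noise: a console logon and an ordinary process on a workstation.
    {"EventID": 4624, "Host": "WS042", "User": "jsmith", "LogonType": 2, "SourceIP": "-"},
    {"EventID": 4688, "Host": "WS042", "User": "jsmith", "CommandLine": "notepad.exe report.txt"},
]


def run_sample():
    return analyze(SAMPLE_EVENTS)


if __name__ == "__main__":
    result = run_sample()
    for alert in result["ntds_alerts"]:
        print("NTDS EXTRACTION:", alert)
    for ip, hosts in result["lateral_movement"].items():
        print(f"LATERAL MOVEMENT: {ip} -> {', '.join(hosts)}")
```

The threshold-based correlation is deliberately crude; in production it would be bounded by a time window and tuned to exclude known administrative jump hosts, but it illustrates why the Deloitte report's point about EDR coverage matters: without telemetry from every host, the second and third events in the sample simply never arrive.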


A major event

NHS Professionals provides temporary staff to NHS trusts across England; it has over 190,000 registered healthcare professionals and more than 1,000 employees.

Insiders say the attack is suspected to be tied to Scattered Spider and looks to have been an attempted ransomware attack, perhaps similar to the ransomware attacks the group carried out against three large UK retailers earlier in 2025.

The Deloitte report also cites a lack of multi-factor authentication (MFA) on domain accounts as one of the primary reasons the attackers gained access. Alongside this, the organisation did not have endpoint detection and response (EDR) tooling deployed across its whole environment, meaning the criminals could move within the network undetected.

"Our cybersecurity systems and future mitigation ensured no disruption to our services, and we found that no data or other information was compromised, despite the attempt," an NHS Professionals spokesperson said.

"We worked quickly and closely with key partners NHS England and the Department of Health and Social Care, and the Information Commissioner's Office, to investigate this incident."

"NHS Professionals is committed to the highest standards of cyber security and complies with the strict requirements around information governance. We continue to remain vigilant as per our security policies and procedures."
