In recent months, the UK has witnessed a surge in cyberattacks targeting public sector organizations, particularly local councils and healthcare institutions. These incidents have not only compromised sensitive data but also disrupted essential services, highlighting the pressing need for robust cybersecurity measures.
Cyberattacks on UK Councils
In November 2025, three London councils—Kensington and Chelsea, Westminster, and Hammersmith and Fulham—fell victim to a significant cyberattack. The breach disrupted core services, including phone lines and online reporting systems, as the councils share some IT infrastructure. Emergency response measures were swiftly implemented to support residents, especially vulnerable groups. While investigations are ongoing, the National Cyber Security Centre (NCSC) has advised residents to remain vigilant against potential phishing attempts stemming from the incident. (techradar.com)
Similarly, a Freedom of Information request revealed that over a quarter of UK councils have admitted to falling victim to ransomware attacks. Notably, only one council reported paying the ransom, underscoring the importance of effective backup systems in mitigating such threats. (channelweb.co.uk)
Ransomware Attacks on the NHS
The National Health Service (NHS) has also been a prime target for cybercriminals. In August 2025, Barts Health NHS Trust experienced a ransomware attack attributed to the Cl0p group. The attackers exploited a vulnerability in the Oracle E-Business Suite, accessing a database containing invoices and personal information. Although core clinical systems remained unaffected, the breach exposed sensitive data, including patient names and addresses. The Trust has since secured a High Court order to prevent the dissemination of the stolen data and is collaborating with authorities to enhance security measures. (techradar.com)
In another incident, DXS International, a technology provider for NHS England, disclosed a ransomware attack on December 14, 2025. The breach affected the company’s office servers but did not disrupt essential clinical services. The relatively unknown ransomware group, DevMan, claimed responsibility, asserting they had exfiltrated 300GB of data. While the files have not been leaked, this incident highlights the persistent threat to healthcare IT infrastructure. (techradar.com)
Emergence of New Malware Operator: Qilin
Adding to the complexity of the cyber threat landscape is the emergence of a new malware operator, Qilin. This Russian-speaking cybercrime group has been linked to several incidents, including a ransomware attack on London hospitals in December 2022. Qilin’s Agenda ransomware, initially written in Go, was rewritten in Rust in December 2022, indicating a sophisticated evolution of their attack methods. The group’s activities underscore the dynamic and evolving nature of cyber threats targeting healthcare institutions. (en.wikipedia.org)
Implications and Response
These incidents underscore the escalating cybersecurity challenges faced by public sector organizations, particularly in the healthcare sector. The breach of sensitive data not only compromises individual privacy but also erodes public trust in essential services. In response, organizations are urged to implement comprehensive cybersecurity strategies, including regular system updates, employee training, and robust data backup protocols.
Furthermore, collaboration between public and private sectors is crucial in developing and sharing threat intelligence to preempt and mitigate cyberattacks. As cybercriminals continue to refine their tactics, a proactive and coordinated approach remains essential in safeguarding critical infrastructure and sensitive data.
References
- “Multiple London councils affected by apparent cyberattack.” TechRadar. November 28, 2025. (techradar.com)
- “More than a quarter of UK councils admit ransomware woes.” ChannelWeb. December 2025. (channelweb.co.uk)
- “Patient and staff data impacted by Cl0p ransomware attack on Barts Health NHS.” TechRadar. December 8, 2025. (techradar.com)
- “NHS England tech provider reveals data breach – DXS International hit by ransomware.” TechRadar. December 22, 2025. (techradar.com)
- “Qilin (cybercrime group).” Wikipedia. December 2025. (en.wikipedia.org)
