We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Cyber alerts
We issue cyber security alert notifications to health and care organisations, ranging from weekly threat bulletins to immediate high-severity alerts.
March 2022
CC-4068
Philips e-Alert Vulnerability
Philips e-Alert, an MRI system monitoring platform, is missing authentication for critical system functionality, which may allow an attacker to remotely shutdown the system
CC-4047
Phishing Campaign Uses Fake Adobe Document Cloud Application to Steal Microsoft Credentials
A cyber crime group is using a fake web application masquerading as the Adobe Document Cloud in order to steal credentials for Microsoft Office 365 and Outlook.
CC-4046
BD Use of Hard-coded Credentials Vulnerabilities in Viper LT and Pyxis Product Lines
Becton, Dickinson and Company (BD) reported use of hard-coded credential vulnerabilities in Viper LT products, their automated molecular testing system, and Pyxis products, their automated medication dispensing system.
December 2021
CC-3999
Vulnerabilities in Fresenius Kabi Agilia Connect Infusion System
Vulnerabilities in Fresenius Kabi Agilia Connect Infusion System products could be exploited to allow an attacker to modify settings, access sensitive information, and perform arbitrary actions.
CC-3988
Hillrom Welch Allyn Cardio Products Authentication Bypass Vulnerability
There is improper authentication vulnerability in Hillrom Welch Allyn cardiology products when those products are configured to use SSO.
November 2021
CC-3981
Philips IntelliBridge Hub Vulnerabilities
Two vulnerabilities in patient care device connectivity and interoperability solution
CC-3980
Philips Patient Information Center iX (PIC iX) and Efficia CM Series Vulnerabilities
Three vulnerabilities in Patient Information Center iX (PIC iX) and Efficia CM Series products
CC-3972
Philips MRI 1.5T and 3T Vulnerabilities
Vulnerabilities centre around improper access control, incorrect ownership assignment, and exposure of sensitive information to an unauthorised attacker.
CC-3969
Philips Tasy Electronic Medical Record (EMR) HTML5 SQL Injection Vulnerabilities
Philips has released a security advisory to address SQL injection vulnerabilities in Philips Tasy Electronic Medical Record (EMR) HTML5.
October 2021
CC-3965
Medtronic Releases Urgent Recall for MiniMed MMT-500 and MMT-503 Remote Controllers for Insulin Pumps
Urgent medical device recall for MiniMed MMT-500 or MMT-503 remote controller for MiniMed 508 and Paradigm insulin pumps