CC-4623
NHS Digital cyber alert reference covering SimpleHelp RMM vulnerabilities in 2025.
Last refreshed: 8 May 2026 · Appears in 1 active topic
Timeline for CC-4623
KB5091157, Gentlemen C2 intel, ENISA CNAs: in brief
Cybersecurity: Threats and DefencesWhat is NHS Digital CC-4623?
What are NHS Cyber Alerts?
Why did the NHS issue an alert about SimpleHelp?
Background
CC-4623 is a Cyber Alert identifier issued by NHS Digital (part of NHS England) under the CC-NNNN reference scheme used for the NHS's Cyber Alerts programme. NHS Digital publishes Cyber Alerts to notify NHS and health and social care organisations in England about vulnerabilities and active threats relevant to their infrastructure. The CC-NNNN scheme provides a traceable reference number for each alert, allowing trust IT and security teams to track remediation status against a specific advisory.
CC-4623 specifically covered vulnerabilities in the SimpleHelp remote monitoring and management (RMM) platform — CVE-2025-25629, CVE-2025-25628, and related flaws disclosed and patched in January 2025. SimpleHelp is used by some NHS trusts and their MSP partners to provide remote support for clinical systems. The alert was issued following UK-sector reporting of active exploitation of these vulnerabilities.
In U#3, CC-4623 is referenced in the context of DragonForce ransomware using SimpleHelp as an initial access vector . The alert's issuance is part of a broader pattern of NHS Digital cyber intelligence work following the high-profile Synnovis/NHS ransomware attack in 2024, which prompted the NHS to expand its sectoral alerting and threat-sharing capabilities.