CC-4623
NHS Digital cyber alert reference covering SimpleHelp RMM vulnerabilities in 2025.
Last refreshed: 8 May 2026 · Appears in 1 active topic
Timeline for CC-4623
KB5091157, Gentlemen C2 intel, ENISA CNAs: in brief
Cybersecurity: Threats and Defences- What is NHS Digital CC-4623?
- CC-4623 is an NHS Digital Cyber Alert covering critical vulnerabilities in SimpleHelp RMM software, advising NHS organisations to patch or remove the affected tool due to active exploitation by ransomware groups.
- What are NHS Cyber Alerts?
- NHS Cyber Alerts are advisories issued by NHS Digital to notify NHS and health and social care organisations in England about active cyber threats, vulnerabilities, and required remediation actions. Each alert carries a CC-NNNN reference number.
- Why did the NHS issue an alert about SimpleHelp?
- NHS Digital issued CC-4623 after SimpleHelp RMM vulnerabilities (CVE-2025-25629 and CVE-2025-25628) were found to be actively exploited by threat actors, including the DragonForce ransomware group, for initial access to managed IT environments.Source: event
Background
CC-4623 is a Cyber Alert identifier issued by NHS Digital (part of NHS England) under the CC-NNNN reference scheme used for the NHS's Cyber Alerts programme. NHS Digital publishes Cyber Alerts to notify NHS and health and social care organisations in England about vulnerabilities and active threats relevant to their infrastructure. The CC-NNNN scheme provides a traceable reference number for each alert, allowing trust IT and security teams to track remediation status against a specific advisory.
CC-4623 specifically covered vulnerabilities in the SimpleHelp remote monitoring and management (RMM) platform — CVE-2025-25629, CVE-2025-25628, and related flaws disclosed and patched in January 2025. SimpleHelp is used by some NHS trusts and their MSP partners to provide remote support for clinical systems. The alert was issued following UK-sector reporting of active exploitation of these vulnerabilities.
In U#3, CC-4623 is referenced in the context of DragonForce ransomware using SimpleHelp as an initial access vector . The alert's issuance is part of a broader pattern of NHS Digital cyber intelligence work following the high-profile Synnovis/NHS ransomware attack in 2024, which prompted the NHS to expand its sectoral alerting and threat-sharing capabilities.