NHS Digital
UK NHS digital services arm; issued cyber alert CC-4623 on SimpleHelp RMM exploitation in 2025.
Last refreshed: 8 May 2026 · Appears in 1 active topic
Did NHS trusts patch SimpleHelp after CC-4623, or were they still running vulnerable versions when DragonForce struck?
Timeline for NHS Digital
Mentioned in: Ivanti EPMM logs fourth KEV zero-day since 2023
Cybersecurity: Threats and DefencesKB5091157, Gentlemen C2 intel, ENISA CNAs: in brief
Cybersecurity: Threats and Defences- What did NHS Digital warn about SimpleHelp in 2025?
- NHS Digital issued cyber alert CC-4623 in 2025 warning about exploitation of SimpleHelp RMM software, the same vulnerability class later confirmed by Arctic Wolf as an initial access vector for ransomware operators including DragonForce.Source: NHS Digital
- Is NHS Digital still operating?
- NHS Digital was merged into NHS England's Transformation Directorate in February 2023. Its legacy cyber alerts and guidance remain active; the functions now sit within NHS England.
- What is SimpleHelp RMM and why is it a cybersecurity risk?
- SimpleHelp is a remote monitoring and management (RMM) tool used by managed service providers. CVE-2024-57726 and CVE-2024-57728 allowed unauthenticated attackers to exploit it as an initial access vector, as documented by Arctic Wolf and NHS Digital cyber alert CC-4623 in 2025.Source: NHS Digital / Arctic Wolf
- How does NHS Digital issue cybersecurity alerts to the health sector?
- NHS Digital (now part of NHS England's Transformation Directorate) issues coded cyber alerts such as CC-4623 to NHS trusts and suppliers. These alerts describe active exploitation, affected products, and mitigations. They reach health sector security teams via the CareCERT alerting service.Source: NHS Digital
Background
NHS Digital is the UK National Health Service's digital technology and information standards body, responsible for national cyber security guidance and IT infrastructure across the NHS in England. In 2025, NHS Digital issued cyber alert CC-4623 specifically addressing the exploitation of SimpleHelp remote monitoring and management (RMM) software — the same vulnerability class later confirmed by Arctic Wolf as an initial access vector for DragonForce affiliates operating within The Gentlemen RaaS ecosystem.
NHS Digital merged with NHS England in February 2023, transferring its functions to the NHS England Transformation Directorate. However, its legacy cyber guidance and alert catalogues remain active references. NHS Digital has historically been a target-rich environment for ransomware operators: the 2017 WannaCry attack disrupted approximately a third of NHS trusts, and subsequent incidents have maintained the NHS's profile as a critical national infrastructure organisation under sustained cyber threat.
The CC-4623 alert demonstrates that NHS Digital had intelligence on SimpleHelp exploitation patterns before the May 2026 DragonForce confirmation, making the NHS's warning a prescient indicator that was not acted upon sufficiently across the sector. SimpleHelp is widely used in managed service providers that support NHS and healthcare systems.