
NHS Digital
UK NHS digital services arm; issued cyber alert CC-4623 on SimpleHelp RMM exploitation in 2025.
Last refreshed: 8 May 2026 · Appears in 1 active topic
Did NHS trusts patch SimpleHelp after CC-4623, or were they still running vulnerable versions when DragonForce struck?
Timeline for NHS Digital
Mentioned in: Ivanti EPMM logs fourth KEV zero-day since 2023
Cybersecurity: Threats and DefencesKB5091157, Gentlemen C2 intel, ENISA CNAs: in brief
Cybersecurity: Threats and DefencesWhat did NHS Digital warn about SimpleHelp in 2025?
Is NHS Digital still operating?
What is SimpleHelp RMM and why is it a cybersecurity risk?
Background
NHS Digital is the UK National Health Service's digital technology and information standards body, responsible for national cyber security guidance and IT infrastructure across the NHS in England. In 2025, NHS Digital issued cyber alert CC-4623 specifically addressing the exploitation of SimpleHelp remote monitoring and management (RMM) software — the same vulnerability class later confirmed by Arctic Wolf as an initial access vector for DragonForce affiliates operating within The Gentlemen RaaS ecosystem.
NHS Digital merged with NHS England in February 2023, transferring its functions to the NHS England Transformation Directorate. However, its legacy cyber guidance and alert catalogues remain active references. NHS Digital has historically been a target-rich environment for ransomware operators: the 2017 WannaCry attack disrupted approximately a third of NHS trusts, and subsequent incidents have maintained the NHS's profile as a critical national infrastructure organisation under sustained cyber threat.
The CC-4623 alert demonstrates that NHS Digital had intelligence on SimpleHelp exploitation patterns before the May 2026 DragonForce confirmation, making the NHS's warning a prescient indicator that was not acted upon sufficiently across the sector. SimpleHelp is widely used in managed service providers that support NHS and healthcare systems.