The spokesperson said an organisation that “provided essential services to us and other healthcare bodies” experienced the attack in June 2024.It formed part of a wider incident affecting other organisations that supported the healthcare sector, they said.The trust said criminals extracted files which were later published on online forums known for sharing stolen data.It said: “The files taken were not organised as a single database and were highly unstructured, incomplete and fragmented.”As a result, it has taken more than a year of detailed analysis by specialist teams at the supplier to reconstruct and understand what information was present and which organisations it related to.”In October 2025, the spokesperson said the supplier told the NHS that data relevant to the trust had been included, recovered and analysed.In total, data linked to 32,927 individuals was shared.They said they decided to share the information after completing a review. The trust said it had liaised with the NHS England information governance team and notified the Information Commissioner’s Office.It added: “While the data remains present in those places, publication alone does not mean that it has been used in a harmful way. At this time, we are not aware of any evidence that the information has been accessed or used inappropriately.”The supplier had obtained a court injunction in an attempt to stop third parties sharing the data, the spokesperson added.The trust runs the acute hospitals of Bedford, and Luton and Dunstable.
Bedfordshire hospital patients affected by cyber attack in 2024
