When Your Vendor Is the Vulnerability

What 2025’s SaaS-Linked Breaches Reveal About Third-Party Risk in NHS Internal Communications—and How Trusted Delivery Mitigates It


The New Reality: Most Breaches Start Outside Your Firewall

In 2025, one of the clearest cyber security trends across NHS-affiliated and private-sector organisations alike is this: attackers are bypassing core IT systems and instead targeting the vendor supply chain.

This shift has profound implications for NHS communications. In practice, it means that secure, timely engagement with staff—and the systems that underpin internal messaging—can be disrupted not by failure within your organisation, but by weaknesses within a vendor you rely on.

In the last 12 months alone, third-party software breaches have directly affected global retailers, government departments, and health-affiliated systems, with internal communication platforms frequently among the first services to be impacted.

For NHS communications leads—whether at Trust, ICB, or system level—the takeaway is stark: even the most secure internal systems are vulnerable if the channels we use to communicate with staff and stakeholders are routed through over-extended, multi-integrated, third-party ecosystems.

Trusted Delivery was established to eliminate this risk.

Anatomy of a 2025 SaaS Breach

The typical breach seen in 2025 follows a clear, repeatable pattern—one that NHS leaders can no longer afford to ignore:

  1. Initial Access
    Exploiting social engineering, attackers impersonate legitimate users or partners to convince a SaaS vendor’s helpdesk to reset credentials or disable MFA. These workflows—optimised for speed, not verification—often bypass even robust identity controls.
  2. Over-Permissioned Integrations
    With access obtained, attackers escalate privileges using over-scoped API tokens or CRM OAuth grants. These tokens typically span multiple systems, thanks to sprawling SaaS ecosystems (e.g., CRM platforms tied to HR, payroll, and messaging).
  3. Lateral Movement
    Next, attackers pivot laterally, often moving from one SaaS platform to another. They extract sensitive data, inject malicious payloads, or hijack message delivery services—effectively impersonating the organisation.
  4. Extortion and Disruption
    Finally, they exfiltrate data, trigger encryption, or threaten disclosure—disrupting operations and triggering a crisis response. In internal comms terms, this can mean messages misdelivered, delayed, spoofed or blocked—damaging trust at the worst possible time.
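The first two steps of that pattern leave a recognisable trace in a vendor's audit log: a helpdesk-initiated MFA reset followed, within minutes, by a new OAuth grant that spans several systems. The following detection logic is an added example (not code from the article or from Trusted Delivery) that correlates those two events over constructed sample audit records; the event names, field names and the 60-minute window are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (illustrative, not real vendor logs).
# The first user gets a helpdesk MFA reset, logs in from a new address and
# minutes later grants an app access to mail, HR and payroll data.
SAMPLE_EVENTS = [
    {"ts": "2025-05-01T09:00:00", "actor": "helpdesk:agent17", "user": "j.smith",
     "event": "mfa_reset", "source_ip": "203.0.113.5"},
    {"ts": "2025-05-01T09:04:00", "actor": "j.smith", "user": "j.smith",
     "event": "login", "source_ip": "198.51.100.9"},
    {"ts": "2025-05-01T09:06:00", "actor": "j.smith", "user": "j.smith",
     "event": "oauth_grant", "app": "crm-sync",
     "scopes": ["mail.send", "hr.read", "payroll.read"]},
    # Second user: reset, then a narrow grant the next day (benign).
    {"ts": "2025-05-01T11:00:00", "actor": "helpdesk:agent03", "user": "a.khan",
     "event": "mfa_reset", "source_ip": "203.0.113.7"},
    {"ts": "2025-05-02T08:00:00", "actor": "a.khan", "user": "a.khan",
     "event": "oauth_grant", "app": "calendar-sync", "scopes": ["calendar.read"]},
]

# Systems whose scopes are treated as sensitive (assumed naming: "<system>.<action>").
SENSITIVE_SYSTEMS = {"hr", "payroll", "mail"}
RESET_TO_GRANT_WINDOW = timedelta(minutes=60)


def systems_spanned(scopes):
    """Map scope strings such as 'hr.read' to the system they touch ('hr')."""
    return {s.split(".", 1)[0] for s in scopes}


def find_reset_then_grant(events, window=RESET_TO_GRANT_WINDOW):
    """Return an alert for every OAuth grant that follows a helpdesk-initiated
    MFA reset for the same user within `window` and that either spans more
    than one system or touches a sensitive one."""
    ordered = sorted(events, key=lambda e: e["ts"])  # ISO timestamps sort lexically
    pending = {}  # user -> (time of helpdesk reset, helpdesk actor)
    alerts = []
    for e in ordered:
        ts = datetime.fromisoformat(e["ts"])
        if e["event"] == "mfa_reset" and e["actor"].startswith("helpdesk:"):
            pending[e["user"]] = (ts, e["actor"])
        elif e["event"] == "oauth_grant" and e["user"] in pending:
            reset_ts, agent = pending[e["user"]]
            systems = systems_spanned(e["scopes"])
            broad = len(systems) > 1 or bool(systems & SENSITIVE_SYSTEMS)
            if ts - reset_ts <= window and broad:
                alerts.append({
                    "user": e["user"],
                    "helpdesk_actor": agent,
                    "minutes_after_reset": int((ts - reset_ts).total_seconds() // 60),
                    "app": e["app"],
                    "systems": sorted(systems),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_reset_then_grant(SAMPLE_EVENTS):
        print(alert)
```

Run against the sample, only j.smith produces an alert: the reset and the broad grant are six minutes apart. a.khan's grant is outside the window and touches a single non-sensitive system, so it is ignored. In practice the same rule would be fed from the vendor's exported audit log or a SIEM.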

A notable example comes from the Marks & Spencer ransomware attack, where a compromised IT contractor’s helpdesk workflow created a critical vulnerability. Communications outages affected rota messaging and staff coordination at peak periods.

In another 2025 case, attackers breached Workday via compromised Salesforce OAuth apps, exposing sensitive HR and payroll data. Harrods faced data loss after attackers accessed customer information through a marketing vendor. Though core systems remained intact, internal communications channels were disrupted and regulatory action followed.

Why This Matters for NHS Internal Comms

For NHS organisations, a compromised communication platform does not just mean a delay in emails. It can mean missed emergency alerts, undermined transformation initiatives, and serious breaches of information governance standards.

NHS leaders must now consider vendor risk as a core element of communications strategy. Communications systems are lifelines in health settings. Their integrity must be assured.

  • Staff Trust Degrades
    If internal comms are spoofed or disrupted, confidence in leadership messages, updates, and alerts diminishes—particularly in large, dispersed, and digitally dependent workforces.
  • Comms Continuity Fails
    Most general SaaS platforms rely on third-party plug-ins and global cloud APIs to operate. When these are revoked or breached, message delivery ceases. NHS messages must not rely on systems outside NHS governance.
  • Inclusion and Equity at Risk
    Complex SaaS breaches often result in only partial system failure. In these cases, digitally excluded or accessibility-dependent users are often the first to lose service—undermining equity goals and widening digital divides.
  • Leadership Confidence Erodes
    At Trust Board and ICB level, vendor failures force organisations into reactive mode. Reassuring staff, patients, and partners requires rapid, secure messaging—often across multiple channels. If the platform has failed, the organisation cannot lead.

Trusted Delivery mitigates these risks by removing third-party dependencies, avoiding CRM-sprawl, and embedding every aspect of our platform within NHS security policy, compliance standards, and user expectations.

Case Snapshots: Three 2025 Breaches and Their Implications

Marks & Spencer (May 2025)

A ransomware breach was linked to helpdesk access via a third-party contractor. Internal systems remained operational, but internal communication was reportedly disrupted for several days, as alerts and rota messages were delayed.

Comms Impact: Loss of staff confidence, delayed return-to-work comms, reputational harm.

Workday / Salesforce Ecosystem (2025)

Attackers leveraged Salesforce OAuth tokens across multiple clients. Internal HR platforms, intranets, and messaging tools reliant on those tokens were silently accessed or disabled.

Comms Impact: Widespread authentication failure, lockout from systems, mass password resets.

Harrods (2025)

A breach through a third-party email marketing platform exposed customer and internal messaging data. Although “core systems” were unaffected, the loss of message integrity triggered ICO inquiries and staff engagement concerns.

Comms Impact: Regulatory risk, compromised internal/external comms, forced platform migration.

Five Consistent Weaknesses Seen in SaaS Breaches

  • Helpdesk Reset Exploits
    Description: SaaS vendors grant support teams broad reset powers with minimal challenge protocols.
    Trusted Delivery's approach: Named support agents only. All changes require multi-step NHS-verified authorisation.
  • Over-Privileged Accounts
    Description: CRM, marketing and analytics tools often have excessive permissions across comms stacks.
    Trusted Delivery's approach: Trusted Delivery applies least-privilege defaults, audited quarterly, with scope-limited integrations only.
  • Token Hijacking
    Description: OAuth and API tokens are rarely rotated or scoped, allowing long-term misuse if compromised.
    Trusted Delivery's approach: All integrations use time-limited, restricted-scope tokens, auto-revoked on inactivity.
  • Ecosystem Sprawl
    Description: Large SaaS systems rely on dozens of sub-processors and integrations.
    Trusted Delivery's approach: Trusted Delivery is a single-tenant platform: no third-party CRMs, no shadow integrations, no sprawl.
  • Fragmented Stack Visibility
    Description: When using multiple platforms, security teams struggle to monitor all endpoints.
    Trusted Delivery's approach: Unified audit logs, on-platform analytics, and SIEM export support for Trust cyber teams.
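The "Token Hijacking" row describes three controls: a capped lifetime, a restricted scope, and revocation on inactivity. The token store below is an added example (hypothetical code, not Trusted Delivery's implementation) showing how an issuer can enforce all three on an opaque bearer token, so that a stolen token stops working on its own even if nobody notices the theft. The one-hour cap and 30-minute inactivity limit are assumed values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
import secrets


@dataclass
class IssuedToken:
    scopes: frozenset
    issued_at: datetime
    expires_at: datetime
    last_used: datetime
    revoked: bool = False


class TokenStore:
    """Issues opaque bearer tokens with a capped lifetime, explicit scopes and
    inactivity-based revocation. Hypothetical design for illustration."""

    def __init__(self, max_ttl=timedelta(hours=1), inactivity_limit=timedelta(minutes=30)):
        self.max_ttl = max_ttl
        self.inactivity_limit = inactivity_limit
        self._tokens = {}

    def issue(self, scopes, now, ttl=None):
        # The requested TTL is capped: a caller cannot obtain a long-lived token.
        ttl = self.max_ttl if ttl is None else min(ttl, self.max_ttl)
        token_id = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._tokens[token_id] = IssuedToken(frozenset(scopes), now, now + ttl, now)
        return token_id

    def check(self, token_id, required_scope, now):
        """Validate a token for one operation. Returns (allowed, reason).
        Expiry and inactivity permanently revoke the token on first detection."""
        tok = self._tokens.get(token_id)
        if tok is None:
            return False, "unknown"
        if tok.revoked:
            return False, "revoked"
        if now >= tok.expires_at:
            tok.revoked = True
            return False, "expired"
        if now - tok.last_used > self.inactivity_limit:
            tok.revoked = True
            return False, "inactive"
        if required_scope not in tok.scopes:
            return False, "scope"
        tok.last_used = now
        return True, "ok"

    def revoke(self, token_id):
        """Explicit revocation, e.g. when an integration is decommissioned."""
        tok = self._tokens.get(token_id)
        if tok is not None:
            tok.revoked = True

    def expires_at(self, token_id):
        return self._tokens[token_id].expires_at


if __name__ == "__main__":
    store = TokenStore()
    t0 = datetime(2025, 1, 1, 9, 0)
    tok = store.issue({"mail.send"}, t0, ttl=timedelta(minutes=10))
    print(store.check(tok, "mail.send", t0 + timedelta(minutes=1)))   # (True, 'ok')
    print(store.check(tok, "hr.read", t0 + timedelta(minutes=2)))     # (False, 'scope')
    print(store.check(tok, "mail.send", t0 + timedelta(minutes=10)))  # (False, 'expired')
```

Note the order of checks: expiry and inactivity are evaluated before scope, so a stale token is revoked regardless of what it asks for, and a scope mismatch does not refresh the last-used timestamp.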

Trusted Delivery: Built for NHS Security and Continuity

Trusted Delivery was developed to address these exact vulnerabilities.

  • Controlled Support Workflow: Named support specialists only; no anonymous helpdesk resets. Every account action requires multi-step identity verification and is logged and auditable.
  • Least Privilege by Design: All user roles and integration points are permission-scoped. Accounts cannot exceed operational necessity.
  • Minimal Ecosystem Footprint: Trusted Delivery consolidates email, SMS, Teams/Viva, and QR delivery into one secure, ISO 27001-certified UK-hosted platform. There is no CRM dependency or overextended ecosystem.
  • Transparent Monitoring: All account activity is visible to client-side audit teams. Suspicious activity triggers alerts and pre-emptive controls.
  • Fewer Vendors, Fewer Risks: Trusted Delivery reduces reliance on fragmented tools and third-party plug-ins, shrinking the surface area exposed to breach.

Security as a Procurement Standard

We encourage NHS teams to use a security-led procurement approach. Our downloadable Risk Register Template supports transparent, evidence-based evaluations across three key areas:

  1. Security & Access Controls
     • Enforced SSO/SAML
     • MFA with passkeys (no SMS fallback)
     • Scoped OAuth permissions
     • Key rotation policies
     • UK data residency (ISO 27001 certified)
  2. Accessibility & Deliverability
     • NHSmail SPF/DKIM/DMARC alignment
     • WCAG-compliant email templates
     • Internal sender tagging to prevent “external” flags
  3. Resilience & Sustainability
     • Clear RTO/RPO
     • Regular backup and recovery testing
     • Environmental impact reporting (aligned to NHS Net Zero)
     • Termination clauses with data export guarantees
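"SPF/DKIM/DMARC alignment" in the deliverability checklist is the property that decides whether a vendor sending on a Trust's behalf actually passes DMARC: the domain that SPF or DKIM authenticated must align with the domain in the visible From header, in relaxed (same organisational domain) or strict (identical domain) mode. The evaluator below is an added example, not code from the article or any vendor, of that alignment rule; the domains are constructed, and organisational-domain extraction is simplified to the last two labels (real implementations consult the Public Suffix List).

```python
import re


def domain_from_header(from_header):
    """Extract the domain of the RFC5322.From address, e.g. 'Comms <a@b.org>' -> 'b.org'."""
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header.strip()
    return addr.rsplit("@", 1)[1].lower()


def org_domain(domain):
    """Simplified organisational domain: last two labels. A real evaluator
    would use the Public Suffix List (assumption for this example)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """DMARC identifier alignment: 's' (strict) needs an exact match,
    'r' (relaxed) needs the same organisational domain."""
    if mode == "s":
        return from_domain == auth_domain
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_evaluate(from_header, spf_result, spf_domain, dkim_result, dkim_domain,
                   aspf="r", adkim="r"):
    """Combine SPF and DKIM results with alignment the way a receiver applying
    the sender's DMARC policy would. DMARC passes if either authenticated
    identifier is aligned with the From domain."""
    from_domain = domain_from_header(from_header)
    spf_aligned = spf_result == "pass" and aligned(from_domain, spf_domain.lower(), aspf)
    dkim_aligned = dkim_result == "pass" and aligned(from_domain, dkim_domain.lower(), adkim)
    return {
        "from_domain": from_domain,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc_pass": spf_aligned or dkim_aligned,
    }


if __name__ == "__main__":
    # Constructed case: a marketing vendor sends as the Trust's domain but only
    # authenticates its own domain, so SPF and DKIM both pass yet DMARC fails.
    print(dmarc_evaluate("Comms Team <comms@example.org>",
                         "pass", "mailer.example.net",
                         "pass", "mailer.example.net"))
    # Same vendor, now signing with a DKIM key delegated under the Trust's domain.
    print(dmarc_evaluate("Comms Team <comms@example.org>",
                         "pass", "mailer.example.net",
                         "pass", "news.example.org"))
```

The first case is the common procurement failure: the vendor's own SPF and DKIM both pass, but neither identifier belongs to the Trust's domain, so DMARC fails and the message is quarantined or rejected. Delegating a DKIM selector under the Trust's domain (or adding the vendor to the Trust's SPF record) is what makes the second case pass.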

“NewZapp has transformed our internal communications. Before, we were constantly facing issues with delivery and engagement. Now, not only are our open rates up, but staff engagement with surveys and nominations has skyrocketed. The support team has been fantastic, always there when we need them, making sure everything runs smoothly.”
Laura Favell, Communications Manager, Royal Papworth Hospital NHS Foundation Trust

Protecting Communications Integrity

The breaches of 2025 demonstrate that a secure comms stack isn’t one shielded behind a firewall—it’s one designed with trusted suppliers, robust workflows, and clarity of governance.

Trusted Delivery’s architecture ensures that NHS organisations retain control over their messaging infrastructure, even when the broader landscape remains volatile.

With NHS-verified identity workflows, fewer integration points, and a laser focus on internal communications rather than marketing or CRM functionality, we help organisations communicate securely and consistently.

This is not just a platform decision. It’s a leadership one.

Closing Reflection: Why Trusted Communications Need Trusted Platforms

In 2025, third-party breaches are no longer an outlier—they are the predominant form of cyber risk. Platforms originally designed for e-commerce, CRM, or marketing automation continue to struggle when adapted for the scale, security and staff diversity of the NHS.

Trusted Delivery is different.

  • Not repurposed.
  • Not reliant on sprawling integrations.
  • Not maintained by unknown third parties.

We are the only internal communications platform purpose-built for the NHS. With UK-based hosting, ISO accreditation, NHSmail compatibility, and the lowest integration risk in the sector, we offer a platform that keeps communications effective—even when external systems fail.

Because in the NHS, when staff comms fail—people notice. Safety suffers. Trust is lost.

Choose a platform that delivers without compromise.

Choose Trusted Delivery.