GCHQ is investigating a cyber attack on the London private hospital favoured by the Royal family.

The spy agency’s National Cyber Security Centre (NCSC) is examining what King Edward VII’s Hospital called “an IT security incident” during which a “third-party” obtained confidential medical information such as doctors’ letters relating to some patients.

The hospital is known as being the first port of call for senior members of the Royal family, with the late Queen, Elizabeth II, and Prince Philip having been admitted several times.

It is understood that the Royal family members’ medical data is held separately to the system that was hacked, and was unaffected.

The disclosure, which took place earlier this month, comes less than a fortnight after the NCSC warned of “an enduring and significant threat posed by states and state-aligned groups to the national assets that the UK relies on for the everyday functioning of society”.

The hospital was unable to confirm the identity of the “third party” behind the attack. It is understood that fewer than 1 per cent of patients were affected.

Justin Vale, the hospital’s chief executive, told affected patients: “We have identified that the third party responsible for the incident was able to copy a small amount of data from our systems. We have reviewed this data so that we can confirm what is included and while the majority was internal hospital systems data, we established that it did include some of your personal data.

“This included some health information contained in documents such as doctors’ letters or pathology reports.”

A spokesman for the hospital said: “We recently experienced an IT security incident involving temporary, unauthorised access to our systems.

“We launched a comprehensive investigation, which confirmed that a small amount of data was copied from part of our IT system. While this was primarily benign hospital systems data, a limited amount of patient information was copied, and we are notifying a small subset of our patient database. The vast majority of patients are not affected by this and we offer our apologies for any concern this incident may cause.”