Sorting by


Hackers publish NHS patients’ names and blood tests after ‘demanding ransom’

Sensitive data from a cyber attack on an NHS blood testing database has allegedly been published online by a cyber criminal group, NHS England has said.

Cyber attackers have reportedly published the data, stolen from an NHS blood testing database, after causing widespread disruption at multiple London hospitals earlier this month.

Qilin, the Russian group which claimed responsibility for hacking IT systems run by pathology service company Synnovis, has reportedly been trying to extort money from the NHS provider since the attack on 3 June.

The hackers demanded £40 million in ransom on Thursday, the Telegraph and the BBC report, after new figures revealed 1,134 operations and 2,194 outpatient appointments at King’s College and Guy’s and St Thomas’ hospital trusts have been cancelled in two weeks.

Hundreds of operations and appointments are still being cancelled as the chaos continues.

On Thursday night, Qilin shared almost 400GB of private information on their Telegram channel and darknet site, according to the BBC.

The leaked data is said to include patient names, dates of birth, NHS numbers and descriptions of blood tests. It is not known if test results are also in the data.

Business account spreadsheets detailing financial arrangements between hospitals and GP services and Synnovis have also been published, the BBC said.

In a statement on Friday morning, NHS England said: “We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible.

“This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients.

“As more information becomes available through Synnovis’ full investigation, the NHS will continue to update patients and the public.”

The fallout from the Synnovis hack has been one of the worst in the UK’s history of cyber attacks.

Synnovis’s services help with the diagnosis and treatment of illnesses and infections by analysing samples including blood and tissue.

Cancer, transplant and emergency care-related operations are all among those understood to have been impacted by the hack after they were unable to access quick-turnaround blood-test results.

The gang infiltrated the computer systems used by two NHS trusts, encrypted its information – making the IT programme effectively useless – and downloaded private information so Qilin could extort Synnovis for ransom payment in Bitcoin.

Dr Chris Streather, the medical director for the NHS in London, said there was “a reduction in the number of elective procedures being postponed” but the cyber attack was “continuing to have a significant impact on NHS services in south-east London”.

He added: “Having treatment postponed is distressing for patients and their families, and I would like to apologise to any patient who has been impacted by the incident.

“Staff are continuing to work hard to re-arrange appointments and treatments as quickly as possible.

“Patients should access services in the normal way by dialling 999 in an emergency, and otherwise use NHS 111 through the NHS App, online or on the phone. They should also continue to attend appointments unless they are told otherwise by the clinic team.”

A Synnovis spokesman previously said: “The investigation into the attack continues, including any possible impact to data. Once further information is known, we will report in line with the Information Commissioner’s Office requirements, and prioritise the notification of any impacted individuals or partners as required.

“We also continue to engage with law enforcement and the information commissioner and are working closely with the National Cyber Security Centre and NHS England’s cyber operations team.”

Source link

Related Articles

Back to top button