NHS cyberattackers claim to leak patient data online

21 Jun 2024

Image: © Supapich/Stock.adobe.com

The criminals claim to have shared 400GB of patient data and the NHS said it is working to confirm the validity of these files ‘as quickly as possible’.

The ransomware attack on the UK’s National Health Service (NHS) continues to disrupt health services in London, while a massive amount of patient data may have leaked as a result.

The Russian gang – called Qilin – has shared 400GB of data on its dark web site and claims this is personal data on patients that it stole earlier this month. The BBC saw a sample of the data and reports that it includes patient names, dates of birth, NHS numbers and descriptions of blood tests.

The NHS told the BBC that it could not be completely sure that the data was real. NHS England told Reuters that it is working with various parties including the UK’s National Cyber Security Centre to “determine the content of the published files as quickly as possible”.

This issue began after a massive ransomware attack impacted multiple hospitals in London and disrupted primary care services. This attack targeted Synnovis, a company that provides pathology services to the NHS, clinical users and other service users.

The attack occurred on 3 June but there are reports that hundreds of operations and appointments are still being delayed weeks after the attack. In a statement yesterday (20 June), NHS England said 1,134 elective procedures and 2,194 outpatient appointments had been postponed at King’s College, Guy’s and St Thomas’ hospitals since 3 June.

NHS London medical director Dr Chris Streather said yesterday that hospital staff are working hard to “re-arrange appointments and treatments as quickly as possible”.

“Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyberattack on Synnovis is continuing to have a significant impact on NHS services in south-east London,” Streather said.

Constant cyberattack threat

The healthcare sector is an attractive target for cyberattackers, due to the sensitive and valuable information this sector has on individuals. These criminals also disrupt vital services to increase pressure and the likelihood that ransom demands will be met.

There have been various incidents over the years of healthcare organisations facing ransomware attacks, including the HSE cyberattack in 2021 and more recently, the massive UnitedHealth ransomware attack in the US.

But other sectors remain at risk. A recent campaign targeting customers of cloud service provider Snowflake caused many organisations to be at risk and led to the massive Ticketmaster breach that saw the data of 560m accounts go up for sale on the dark web.

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com