NHS England confirm patient data stolen in cyber attack

NHS England confirm patient data stolen in cyber attack

  • Health
  • June 24, 2024
  • No Comment
  • 19

NHS England has confirmed its patient data managed by blood test management organisation Synnovis was stolen in a ransomware attack on 3 June.

Qilin, a Russian cyber-criminal group, shared almost 400GB of private information on their darknet site on Thursday night, something they threatened to do in order to extort money from Synnovis.

In a statement, NHS England said there is “no evidence” that test results have been published, but that “investigations are ongoing”.

More than 3,000 hospital and GP appointments were disrupted by the attack.

“Patients should continue to attend their appointments unless they have been told otherwise and should access urgent care as they usually would,” NHS England said.

A sample of the stolen data seen by the BBC includes patient names, dates of birth, NHS numbers and descriptions of blood tests, something cyber security expert Ciaran Martin told the BBC was “one of the most significant and harmful cyber attacks ever in the UK.”

There are also business account spreadsheets detailing financial arrangements between hospitals and GP services and Synnovis being taken.

The ransomware hackers infiltrated the computer systems of the company, which is used by two NHS trusts in London, and encrypted vital information making IT systems useless.

As is often the case with cyber-criminals, they also downloaded as much private data as they could to further extort the company for a ransom payment in Bitcoin.

It is not known how much money the hackers demanded from Synnovis or if the company entered negotiations. But the fact Qilin has published some, potentially all, of the data means they did not pay.

The cyber-attackers told the BBC on an encrypted messaging service they had deliberately targeted Synnovis as a way to punish the UK for not helping enough in an unspecified war.

In NHS England’s statement it said it “continues to work with Synnovis and the National Crime Agency”.

NHS England said it had set up a helpline to support people impacted by the attack and it will continue to share updates, but “investigations of this type are complex and take time”.

#NHS #England #confirm #patient #data #stolen #cyber #attack

Related post

Southport murders accused facing terror charge

Southport murders accused facing terror charge

Merseyside Police Elsie Dot Stancombe, Alice da Silva Aguiar and Bebe King were killed in the stabbings in Southport The teenager…
CNN bans conservative commentator after verbal attack on Mehdi Hasan | US Election 2024 News

CNN bans conservative commentator after verbal attack on Mehdi…

US network says it has ‘zero room for racism’ after Girdusky tells Hasan: ‘I hope your beeper doesn’t go off.’ CNN…
Australian PM Albanese accused of seeking upgrades from Qantas boss

Australian PM Albanese accused of seeking upgrades from Qantas…

Australian Prime Minister Anthony Albanese has been accused of asking for free personal flight upgrades directly from the former CEO of…

Leave a Reply

Your email address will not be published. Required fields are marked *