Data on nearly 1 million NHS patients leaked online following ransomware attack on London hospitals The Record from Recorded Future News
pppLeadershipppCybercrimeppNationstateppElectionsppTechnologyppCyber DailyppClick Here Podcastpp Free Newsletterpp People with symptoms of sensitive medical conditions including cancer and sexually transmitted infections are among almost a million individuals who had their personal information published online following a ransomware attack that disrupted NHS hospitals in London earlier this year according to an analysis shared with Recorded Future News pp The examination by CaseMatrix a company that works with legal firms to support claimants in data breach lawsuits is the first public assessment of how many individuals might be affected by the cyberattack CaseMatrix says more than 900000 individuals have been caught up in the extortion attempt pp Neither NHS England nor the directly impacted pathology service provider Synnovis both of whom are legally responsible for protecting patients information have provided their own counts of people impacted by the cyberattack On its website Synnovis says it doesnt know exactly what data was compromised nor who it relates to pp The stolen data which was published in June by the Qilin ransomware gang includes requests for appointments as well as for pathology and histology tests It features in many cases details of symptoms for sensitive medical conditions that patients may not yet know have been exposed pp In a statement sent to Recorded Future News Synnovis described its investigation into the incident as advanced and ongoing and said its work involves interrogation of the published data to identify whether and to what extent any patient or employee data is affected pp This work is ongoing more than three months after the initial incident During the intervening period Synnovis has been busy attempting to replace its critical pathology services The impact of the cyberattack on blood testing has severely reduced blood stocks across the United Kingdom leaving hospitals on the brink of limiting blood transfusions to only the most critical patients There is still an urgent call for people with O negative and O positive blood types to donate blood pp While the company last week announced having successfully rebuilt the majority of its core IT systems and recovered its diagnostic services the delay has meant that individuals whose data was compromised in the attack have not been provided with even a preliminary warning about the sensitivity of what has been exposed pp As analyzed by CaseMatrix this data includes names dates of birth NHS numbers and in some cases personal contact details alongside pathology and histology forms that are used to share patient details between medical departments and institutions The forms often describe symptoms of intimate and private medical conditions pp In the entire dataset released by Qilin CaseMatrix was able to identify 129 million entities that correspond to individual people The company said its analysis typically had a 23 error rate and accounting for this and the automated removal of duplicate entities some of which will not be true duplicates CaseMatrix was confident there remained in excess of 900000 people affected by the breach pp In its statement Synnovis said We are not in a position to comment on or confirm the validity or accuracy of analysis carried out by other parties nor can we verify whether the data examined by these parties is in fact related to this incident pp The company said its investigation timeframe in keeping with the scale and scope of such an incident is commensurate with the time required to thoroughly conclude which individuals or organisations have been impacted and pledged to communicate with the relevant impacted stakeholders as soon as it is appropriate and responsible to do so pp According to Information Commissioners Office data there has been a surge in ransomware attacks against organizations in the health sector in the first half of this year with the sector now accounting for more than 12 of all reported breaches caused by cyber extortionists pp There were 55 ransomware incidents reported to the regulator between January and June of 2024 36 of them involving the hackers stealing patients data The numbers are a significant increase on the 33 reports recorded across the entirety of 2023 when only 12 involved patient data being compromised pp Last month Synnovis obtained a preliminary injunction from the English High Court against the Qilin ransomware group as well as Telegram and another leak site intended to prevent publication of the stolen data alongside an antihacking injunction ordering Qilin not to access Synnovis IT systems pp While such injunctions are rare in the United Kingdom particularly because the defendants are usually based in unknown or unfriendly jurisdictions and as such resistant to enforcement actions they can offer legal teams a mechanism to notify platforms such as Telegram as well as ISPs to demand the removal of hacked data pp In its statement Synnovis said it took the move to reassure patients and our employees and limit the misuse of the stolen data pp Following this injunction the Telegram channel used by Qilin to distribute the data no longer appears to be active ppAlexander Martinppis the UK Editor for Recorded Future News He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research InitiativeppPrivacyppAboutppContact Uspp Copyright 2024 The Record from Recorded Future Newsp