London hospitals hackers publish stolen blood test data

london-hospitals-hackers-publish-stolen-blood-test-data
London hospitals hackers publish stolen blood test data

Sensitive data stolen from an NHS blood testing company by cyber criminals who caused huge disruption to multiple London hospitals has been published. Qilin attempted to extort money from NHS provider Synnovis after hacking the firm on 3 June. In the incident’s aftermath, over 1,000 hospital and GP appointments and operations were affected by the disruption to pathology services. The attack has been one of the worst ever experienced in the UK with the computer systems of the company used by two NHS trusts in London compromised by the ransomware perpetrators, who encrypted vital information.

The majority of the private information stolen has been shared on Qilin’s darknet site and on its Telegram channel. Almost 400GB of data has been released, including patient names, dates of birth, NHS numbers and blood test descriptions. Alongside this data, there are also business account spreadsheets with detailed financial arrangements between hospitals, GP services and Synnovis. It is not currently known if the test results for patients are included within the data.

It is typical for ransomware groups to download private data as they disrupt IT systems and encrypt important files so they can extort companies for a ransom payment in Bitcoin. It is unclear as to how much the hackers demanded from Synnovis or if they entered into negotiations, although the fact Qilin has published some or all of the data suggests that the ransom was not paid. Law enforcement agencies worldwide regularly urge ransomware victims not to pay, as it supports the criminal enterprise and there is no guarantee that criminals will keep their promises.

Cybercriminals are increasingly targeting healthcare organizations with their attacks, knowing they can cause significant harm and potentially obtain a large ransom. Ransomware expert Brett Callow suggested that since United Health Group paid a £17.3m ($22m) ransom earlier this year, the sector is firmly in the crosshairs of ransomware groups

Read the full article from The BBC here: Read More