NHS England confirm patient data stolen in cyber attack

nhs-england-confirm-patient-data-stolen-in-cyber-attack
NHS England confirm patient data stolen in cyber attack

The management of patient data by Synnovis, a blood test management organisation, was stolen in a ransomware attack on 3 June, according to NHS England. On Thursday night, almost 400GB of private information was shared on a darknet site by Qilin, a Russian cyber-criminal group which threatened to do so in order to extort money from Synnovis. There is no evidence yet that any test results have been published by the hackers, but investigations are ongoing. More than 3,000 hospital and GP appointments were disrupted by the attack, but patients have been advised to attend their appointments as normal unless otherwise informed.

Patient names, dates of birth, NHS numbers and descriptions of blood tests were among the data targeted. Business account spreadsheets detailing financial arrangements between hospitals and GP services and Synnovis were also taken. Cyber security expert Ciaran Martin highlighted the attack as being “one of the most significant and harmful cyber attacks ever in the UK”. The company is used by two NHS trusts in London.

Cyber-criminals often download as much private data as they can to extort companies for a ransom payment in Bitcoin. Synnovis has not disclosed whether or not it paid up, or how much was asked for. The fact that the hackers published the data suggests that payment was not made. Qilin told the BBC in an encrypted message that it had targeted the company as a way of punishing the UK for not providing enough help in an unspecified war.

NHS England, which continues to work with Synnovis and the National Crime Agency, has established a helpline to support those impacted by the data breach. Updates will be provided, but investigations of this type take time to conclude

Read the full article from The BBC here: Read More