Records on 300m patient interactions with NHS stolen in Russian hack
Russian hackers have stolen records covering 300 million patient interactions with the NHS, including the results of blood tests for HIV and cancer, the Guardian can reveal.
The amount and sensitive nature of the data obtained by the Qilin hacking gang has raised alarm among NHS bosses, who are scrambling to set up a helpline to deal with inquiries from large numbers of worried patients and also health service staff.
Seven hospitals run by two NHS trusts were affected by the attack, which targeted Synnovis, a private/NHS joint venture that provides pathology services such as blood tests and transfusions. It is not clear at this stage if the hacking only involved hospitals in the trusts or if it was more widespread.
NHS anxiety about the impact of the attack increased on Friday after Qilin acted overnight on a threat to release stolen NHS data into the public domain, an indication that Synnovis had refused to pay a reported $50m (£40m) ransom.
It is not yet clear exactly what data or how much of the downloaded amount was made public by the ransomware group. But the stolen data included details of the results of blood tests carried out on patients who had undergone many types of surgery, including organ transplants, or were suspected of having a sexually transmitted infection or who had had a blood transfusion, sources familiar with the matter said.
In a development that will cause concern among patients who have received private healthcare in recent years, the transfer to Qilin is understood to include records of tests people have had at multiple private healthcare providers. It is not clear which private healthcare firms Synnovis – a joint venture between pathology firm Synlab and two large London emergency hospital trusts – works for.
The number of test results in the data Qilin seized in the June 3 hack is so huge because it spans tests that patients have had going back a significant number of years, sources said.
The ransomware group posted 104 data files overnight on a messaging platform. The Guardian was unable to verify the contents of the published files, which contained around 380GB of data in total. The post was topped with an image of the Synnovis logo, a description of the company and a link to its website.
The BBC reported that the files contained patient names, dates of birth, NHS numbers and descriptions of tests.
Usually, if a ransomware gang publishes stolen data, it’s a sign that the victim has refused to pay a ransom to decrypt their IT systems and delete the stolen data.
The hack caused huge problems for King’s College Hospital and Guy’s and St Thomas’ hospital trusts, as well as dozens of GP practices in south-east London, which between them care for 2 million patients, as it left them only able to order a fraction of the number of blood tests they usually do.
The two trusts had to cancel 1,134 scheduled operations, including cancer surgery and transplants, and postpone 2,194 outpatient appointments in just the first 13 days after the attack, NHS England’s London region said on Thursday.
The NHS is working hard to transfer what care it can to other providers and in the past week has been able to increase the number of blood tests it can do from 10% of the usual number to 30%.
But the fact that Synnovis is blocked by its own IT system means that affected hospitals and GP surgeries still have to severely restrict access to blood tests.
Tim Mitchell, senior researcher at cybersecurity firm Secureworks, said the release of data was a signal that the negotiating period was over. “For the most part, by the time the data is leaked, ransomware negotiations are usually over,” he said. Synnovis has not confirmed whether it has held talks with Qilin.
Qilin runs a ransomware-as-a-service operation that leases malware to other criminals in exchange for a share of the revenue. Mitchell said it’s possible the attacker withheld data in an additional attempt to secure payment, but that scenario seems unlikely.
In a statement on Friday, NHS England said: “NHS England has been made aware that a cyber crime group published data last night which they claim belongs to Synnovis and was stolen as part of this attack.
“We understand that people may be concerned about this, and we continue to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the released files as quickly as possible. This includes whether this is data extracted from the Synnovis system and, if so, whether it relates to NHS patients.”