The data from the ransomware virus attack allegedly hit the web weeks after a cyberattack halted operations and tests at major London hospitals, The Guardian reported.
The cyberattack targeted Synnovis, a private pathology firm that analyses blood tests for Guy’s and St Thomas’ NHS Foundation Trust (GSTT) and King’s College Trust, on June 3, forcing the capital’s hospitals to cancel nearly 1,600 operations and outpatient appointments.
On Friday, NHS England said that “it has learnt that last night a group of cyber criminals published data they claim belongs to Synnovis and was stolen in this attack. We realise how distressing this event can be for many people. We are taking it very seriously.”
In the attack, hackers from the criminal group Qilin infiltrated Synnovis’ IT system and locked the computer system, encrypting its files to extort fees to regain access. The trusts had contracts totalling just under £1.1bn with Synnovis to provide services vital to the smooth running of the NHS.
Qilin published 104 files, each containing 3.7GB of data, on the messaging platform. The message ended with an image of the Synnovis logo, a description of the company and a link to its website. The Guardian was unable to confirm the contents of the message, but the BBC reported on Friday that the data included patient names, dates of birth, NHS numbers and descriptions of blood tests, although it is not known whether test results were also leaked.
Vulnerability of the UK healthcare sector
NHS England said it is currently analysing the data with the National Cyber Security Centre and other partners to confirm whether the data was taken from Synnovis systems and what information it contained.
Typically, the release of stolen data by ransomware gangs indicates that Synnovis has not made payment – usually demanded in the cryptocurrency bitcoin – for decrypting its systems or deleting stolen files.
Don Smith, vice president of threat research at Secureworks, a cybersecurity firm, said the attack highlighted the vulnerability of the healthcare sector, as huge data sets make it a prime target. The Qilin attack follows the hacking of NHS Dumfries and Galloway health board, which resulted in the theft of patient data. He also added:
“It follows closely in the wake of attacks on the NHS in Dumfries and Galloway and underlines that this sector, which is incredibly rich in data, must be protected.”
Since the hack began, seven hospitals run by two NHS trusts have experienced major disruption, including the cancellation or postponement of planned operations. Between June 3 and 9, two major London trusts postponed 832 surgical procedures, including cancer and organ transplants.
The disruptions affected Guy’s, St Thomas’ and King’s College, as well as the Evelina children’s hospital, Royal Brompton, the Harefield specialist heart and lung hospitals and the Princess Royal hospital in Orpington.
