Hacked data from London’s NHS hospitals allegedly published online
Data from a ransomware attack has reportedly been published online weeks after the attack halted operations and testing in major London hospitals, according to NHS England.
A Russian group carried out the cyber attack on Synnovis, a private pathology company that analyzes blood tests for Guy’s and St Thomas’ NHS Foundation Trust (GSTT) and King’s College Trust, on June 3, forcing hospitals in the capital to cancel almost 1,600. operations and outpatient appointments.
NHS England said on Friday that it had been “made aware that the cybercriminal group last night published data that they claim belongs to Synnovis and has been stolen as part of this attack. We know how worrying this development can be for many people. We take it very seriously.”
In the attack, hackers from the Russia-based ransomware criminal group Qilin infiltrated Synnovis’ IT system and locked down the computer system by encrypting the files to extract a payment for restoring access. The trusts have contracts with Synnovis totaling just under £1.1 billion for services essential to the smooth running of the NHS.
Qilin published 104 files, each containing 3.7 GB of data, on a messaging platform. The message is topped with an image of the Synnovis logo, a description of the company and a link to the website. The Guardian could not confirm the contents, but the BBC reported on Friday that the data included patient names, dates of birth, NHS numbers and descriptions of blood tests, although it is not known whether any test results were also leaked.
NHS England said an analysis of the data is underway involving the National Cyber Security Center and other partners to confirm whether the data was extracted from Synnovis’ systems and what information it contains.
Typically, the release of stolen data by ransomware gangs is a sign that Synnovis has not made payment – usually requested in the cryptocurrency bitcoin – for decrypting its systems or deleting captured files.
Don Smith, the vice president of threat research at Secureworks, a cybersecurity firm, said the attack highlighted the vulnerability of the healthcare industry because its wealth of data makes it a prime target. The Qilin attack follows a hack at the NHS Dumfries and Galloway health board, in which patient data was stolen.
He said: “It is closely monitoring the aftermath of the attacks on the NHS in Dumfries and Galloway and underlines the need to protect this sector, which is incredibly rich in data.”
When the hack began, seven hospitals run by two NHS trusts experienced serious disruption to their services, including the cancellation or rescheduling of electives. Two major acute hospital trusts in London postponed 832 surgical procedures between June 3 and June 9, including cancer operations and organ transplants.
The disruption affected hospitals including Guy’s, St Thomas’ and King’s College, as well as Evelina Children’s Hospital, Royal Brompton, Harefield Specialist Heart and Lung Hospitals and the Princess Royal Hospital in Orpington.