NHS patients have had their names, dates of birth and other private information published online by a gang of hackers who targeted a blood testing company in London hospitals.
The cyber attack has caused chaos in the capital after IT systems were effectively rendered unusable, with the group demanding a £40m ransom.
Cybercriminals Qilin hacked testing company Synnovis on June 3 and have been trying to extort money from them ever since. The group previously threatened to publish stolen data if it did not pay $50 million.
The data, almost 400 GB, includes patient names, dates of birth, NHS numbers and descriptions of blood tests, but it is not known whether the results of the tests are also available.
IT experts estimate that the amount of data released means tens of thousands of patients will be affected if it is verified as actual NHS data.
So far, the hack has caused more than 1,100 surgeries to be canceled, as well as hundreds of medical appointments.
Qilin took responsibility for the hack online and has since published a large amount of data
Between June 10 and 16, the second week after the attack, more than 320 elective surgeries and 1,294 outpatient appointments were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust (photo: King’s College Hospital)
The number of rescheduled elective surgeries has fallen by 494 since the first week after the attack, June 3 to 9, but the number of missed outpatient appointments has increased by 394 (Photo: Guys and St Thomas’ Hospital)
NHS England said it has been “made aware that the cybercriminal group last night published data that they claim belongs to Synnovis and was stolen as part of this attack.”
“We understand that this may be of concern to people and we continue to work with Synnovis, the National Cyber Security Center and other partners to determine the contents of the published files as quickly as possible,” a spokesperson said.
‘This includes whether it is data taken from the Synnovis system, and if so, whether it relates to NHS patients.
‘As more information becomes available through the full Synnovis investigation, the NHS will continue to inform patients and the public.’
Between June 10 and 16, the second week after the attack, more than 320 elective surgeries and 1,294 outpatient appointments were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust.
In total, some 1,134 operations had to be canceled following the attack by the group, believed to be based in Russia.
In response, NHS England London declared a regional incident, which it said allowed it to coordinate with neighboring providers to manage the disruption.
With his hack, Qilin infiltrated Synnovis’ IT systems and encrypted crucial information, effectively rendering IT systems unusable.
It is not known exactly how much data the gang of criminals managed to obtain, but it probably concerns thousands of patients.
The company – a joint venture between the NHS and a private company – analyzes blood, urine and tissue samples for some hospitals and GP practices.
Speaking to the BBC via an encrypted chat, a Qilin spokesperson said it carried out the cyber attack as a protest, claiming Britain is not doing enough to support an unspecified war.
The NHS cyber attack nightmare has continued with 1,134 operations and hundreds of appointments still being canceled two weeks after hackers caused a ‘critical incident’ in London hospitals
A spokesperson said: ‘We are very sorry to the people who have suffered as a result. We do not consider ourselves guilty of this and ask you not to blame us in this situation. Blame your government.”
The group suggested they may be based in Ukraine, saying: “Our citizens are dying in an unequal fight due to a lack of medicine and donor blood.”
But the claim to attack British hospitals in protest has been met with skepticism as the group has previously targeted councils, major international companies and other healthcare organisations.
A spokesperson for Synnovis said: ‘Last night, a group claiming responsibility for the cyber attack published data online that they claim belongs to Synnovis.
‘We know how worrying this development can be for many people. We take it very seriously and analysis of this data is already underway.
‘This analysis, carried out in collaboration with the NHS, the National Cyber Security Center and other partners, aims to confirm whether the data was extracted from Synnovis’ systems and what information it contains.
‘We will keep our service users, staff and partners informed as the investigation progresses.’
On Thursday, Dr Chris Streather, medical director of NHS London, said: ‘While we are seeing some services operating at near-normal levels and have seen a reduction in the number of elective procedures postponed, the cyber attack on Synnovis continues. have a significant impact on NHS services in South East London.
‘Delaying treatment is distressing for patients and their families, and I would like to apologize to every patient affected by the incident, and staff continue to work hard to reschedule appointments and treatments as quickly as possible.
‘Mutual aid agreements between NHS laboratories are beginning to have a positive impact on primary care providers, increasing the number of blood tests available for the most critical and urgent cases.
‘Patients should access services in the normal way by calling 999 in an emergency and otherwise using NHS 111 via the NHS app, online or on the phone.
‘They must also continue to attend appointments unless the clinic team tells them otherwise.’