The cybercriminal group responsible for disruptions at several London hospitals has released sensitive patient data stolen from an NHS blood testing company. Late Thursday night, the group known as Qilin uploaded nearly 400GB of private information to their darknet site.
The gang has been attempting to extort money from Synnovis, an NHS provider, since hacking the company earlier this month.
The leaked data includes patient names, dates of birth, NHS numbers, and descriptions of blood tests, though it is unclear if the test results are also included. The breach has led to over 3,000 hospital and GP appointments and operations being disrupted.
Additionally, the breach revealed business account spreadsheets detailing financial arrangements between hospitals, GP services, and Synnovis.
Ciaran Martin, former head of the National Cyber Security Centre and now a professor at Oxford University, said in an interview that it could take several months to fully restore the systems after describing the incident as “one of the most significant and harmful cyber attacks ever in the UK.”
The ransomware attackers infiltrated Synnovis’s computer systems, encrypting essential information and rendering IT systems inoperative. They also downloaded as much private data as possible to leverage it for a ransom in Bitcoin.
The exact amount demanded by the hackers remains unknown, and there is no confirmation on whether Synnovis engaged in negotiations.
However, Qilin’s release of the data suggests that no ransom was paid. Law enforcement agencies worldwide consistently advise against paying ransoms, as it perpetuates criminal activities and does not ensure the criminals will uphold their end of the bargain.
The gang, like many ransomware groups, is believed to operate from Russia, but they declined to provide details about their political affiliations or precise location “for security reasons.” Their darknet site also hosts stolen data from other healthcare organisations, as well as schools, companies, and councils globally.
NHS England said: “We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible.”
Synnovis added: “We know how worrying this development may be for many people. We are taking it very seriously and an analysis of this data is already underway.”
Add Comment