NHS CYBERSEC BREACH: Across the globe, hundreds of millions of people depend on healthcare systems to keep their information safe. Patients trust hospitals and their administrators to keep their medical records confidential. That said, when taking a look under the hood, much of the world’s medical infrastructure is tenuous at best, relying on outdated technology. This leaves them wide open to cyber sabotage.
Last week, the Russian cyber crime gang Qilin orchestrated an attack on seven London hospitals owned by two National Health Service (NHS) trusts, as reported by the Guardian. 300 million patient interactions are now in their possession. While it remains unclear what information is now public, the content of the stolen data is critical. The hackers made off with details on organ transplants, blood tests and transfusions, and patient STIs, reliable sources told the Guardian. Qilin runs a ransomware-as-a-service operation, which offers malware to fellow criminals in exchange for a portion of the spoils.
If that wasn’t concerning enough, experts believe the cyber-criminal group’s haul includes records from multiple private providers. The nearly 380GB worth of private material include patient names, dates of birth, NHS numbers and descriptions of tests. These records go back years.
As a result, the two trusts canceled 1134 operations, including cancer and transplant operations, and delayed 2194 outpatient appointments. The ambush specifically targeted Synnovis, a private/NHS joint venture that provides hospital pathology services like blood tests and transfusions. The Russian cyberpunks also locked the company out of its own IT system.
In a statement following the incident, NHS England said: “NHS England has been made aware that the cyber-criminal group published data last night which they are claiming belongs to Synnovis… We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible.”
This attack sent a shock through the English healthcare system. It serves as an unpleasant–albeit imperative–reminder of the importance of solid cybersecurity.
Interested about learning how to avoid events like this NHS cybersec breach? Read our blog on our cybersecurity awareness.