Stolen test data and NHS numbers published by hospital hackers

(From The BBC)

A group called Qilin has shared 400GB of private NHS data on the Darknet, thought to include patient identifiers and blood test results. This seems to be the result of an unpaid ransomware demand, allegedly for $50 million. The action also caused potentially dangerous disruption to thousands of medical appointments.

Qilin is a ransomware group that popped up in 2022 and is thought by many to work from Russia.

The data was not stolen directly from NHS systems but rather from an organisation called Synnovis who provides pathology services for the NHS. Again this shows that it’s really only the weakest link that matters. Hackers only have to be successful once.

It’s far from the first healthcare organisation to be attacked. Just a couple of years ago the NHS once again saw one of the organisations who provides it with IT services attacked. Last year saw 70TB worth of sensitive data from Barts Health NHS Trust held to ransom as well as details of over 1 million patients threatened by an attack against the University of Manchester.

Elsewhere, earlier this year United Healthcare decided to actually pay the ransom, suggested to represent $22 million worth of Bitcoins, when their subsidiary, Change Healthcare was attacked.

It’s all rather terrifying. At least whilst it feels like there’s little indication we really know how to stop it happening.