London hospitals hackers publish stolen blood test data

BBC 21st June, 2024 02:25 PM

Hackers causing huge disruption to multiple London hospitals have published sensitive data stolen from an NHS blood testing company.

Overnight on Thursday, Qilin shared almost 400GB of private information on their darknet site and Telegram channel.

The gang has been trying to extort money from NHS provider Synnovis since they hacked the firm on 3 June.

Qilin previously told the BBC they would publish the data unless they got paid.

The data includes patient names, dates of birth, NHS numbers and descriptions of blood tests. It is not known if test results are also in the data.

There are also business account spreadsheets detailing financial arrangements between hospitals GP services and Synnovis.

NHS England told the BBC it was aware of the publication but could not be completely sure the shared data was real.

It said it had “been made aware that the cybercriminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack.

“We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible.

“This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients.”

Hackers ransom

Synnovis, meanwhile, said: “We know how worrying this development may be for many people. We are taking it very seriously and an analysis of this data is already underway.”

The Synnovis hack has been one of the worst cyber-attacks ever in the UK with more than 1,000 hospital and GP appointments and operations affected by the disruption to pathology services.

The ransomware hackers infiltrated the computer systems of the company used by two NHS trusts in London and encrypted vital information making IT systems useless.

A man uses a computer with a mask on. PHOTO/Pexels

As is often the case with these gangs, they also downloaded as much private data as they could to further extort the company for a ransom payment in Bitcoin.

It is not known how much money the hackers demanded from Synnovis or if the company entered negotiations. But the fact Qilin has published some, potentially all, of the data means they did not pay.

Law enforcement agencies around the world regularly urge victims of ransomware not to pay as it fuels the criminal enterprise and does not guarantee that the criminals will do as they promise.

Ransomware expert Brett Callow from Emsisoft said healthcare organisations were increasingly being targeted as the hackers knew that they could cause a lot of harm and sometimes get a big payday.

“Cybercriminals go where the money is and, unfortunately, the money is in attacking the healthcare sector. And since United Health Group reportedly paid a $22m (£17.3m) ransom earlier this year, the sector is more squarely in the crosshairs than ever before,” he said.

Targeted Synnovis

On Tuesday night Qilin spoke to the BBC on an encrypted messaging service and said they had deliberately targeted Synnovis as a way to punish the UK for not helping enough in an unspecified war.

Qilin, which has a well-established record of attempting to extort money, claimed in this instance it had carried out a cyber-attack as a protest.

“We are very sorry for the people who suffered because of it. Herewith we don’t consider ourselves guilty and we ask you don’t blame us in this situation. Blame your government.”

Qilin’s claims of having an activist motive are largely being met with scepticism.

On their darknet site, they have leaked stolen data from other healthcare organisations, schools, companies and councils around the world for money.

Before you go…how about joining our vibrant Telegram and WhatsApp channels for hotter stories?

Telegram: https://t.me/k24tvdigital

WhatsApp:https://whatsapp.com/channel/0029VaKQnFUIXnljs50pC32O