NHS patients have had their names, dates of birth and other private information published online by a gang of hackers who targeted a blood testing firm at London hospitals.
The cyber attack has caused chaos in the capital after IT systems were effectively made useless, with the group demanding a £40 million ransom.
Cyber criminals Qilin hacked testing firm Synnovis on June 3 and have been attempting to extort money from them ever since. The group previously threatened to publish stolen data if it was not paid $50 million (£40 million).
The data, almost 400GB of it, has been published on the dark web and includes patient names, dates of birth, NHS numbers and descriptions of blood tests, but it is not known if the results of the tests are also available.
IT experts estimate that the amount of data released means tens of thousands of patients will be affected.
So far the hack has caused more than 1,100 operations to be cancelled, as well as hundreds of medical appointments.
Qilin took responsibility for the hack online and has now published a large amount of data
Between June 10-16, the second week after the attack, more than 320 planned operations and 1,294 outpatient appointments were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust (pictured: King’s College Hospital)
The number of rearranged planned operations has gone down by 494 since the first week after the attack, June 3-9, but the number of missed outpatient appointments has increased by 394 (pictured: Guys and St Thomas’ Hospital)
NHS England said it ‘has been made aware that the cyber criminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack’.
‘We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible,’ a spokesperson added.
‘This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients.
‘As more information becomes available through Synnovis’ full investigation, the NHS will continue to update patients and the public.’
Between June 10-16, the second week after the attack, more than 320 planned operations and 1,294 outpatient appointments were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust.
In total, some 1,134 operations have had to be cancelled after the attack by the group, which is believed to be based in Russia.
In response, NHS England London declared a regional incident, which it said allowed it to coordinate with neighbouring providers to manage disruption.
In its hack, Qilin infiltrated Synnovis’ IT systems and encrypted vital information, effectively making IT systems useless.
It is not known exactly how much data the gang of criminals has managed to obtain, but it is thought to affect tens of thousands of patients.
The venture – a joint operation between the NHS and private company SynLab – analyses blood, urine and tissue samples for some hospitals and GP surgeries.
But it can now be revealed that the firm behind the venture, SynLab, suffered a similar cyber attack on its Italian branch in April.
In that instance group Blackbasta claimed responsibility for stealing 1.5TB of data and threatened to release it on the dark web.
SynLab was forced to disable all company computer systems in Italy as a precaution and suspend all operations at sampling points, medical centres and laboratories in the country.
Speaking to the BBC via an encrypted chat, a spokesperson for Qilin said it had carried out the latest cyber attack as a protest and claimed the UK is not doing enough to support in an unspecified war.
NHS’s cyber attack nightmare has carried on with 1,134 operations and hundreds of appointments still being cancelled two weeks after hackers triggered a ‘critical incident’ at London hospitals
A spokesperson said: ‘We are very sorry for the people who were suffered because of it. Herewith we don’t consider ourselves guilty and we ask you don’t blame us in this situation. Blame your government.’
The group implied they are possibly based in Ukraine, saying: ‘Our citizens are dying in unequal combat from a lack of medicines and donor blood.’
But its claim of targeting British hospitals out of protest has been met with skepticism as the group has previously targeted councils, major international companies and other healthcare organisations.
James Bore, a chartered security professional and author of The Cyber Circuit told MailOnline it was ‘realistic’ that tens of thousands of people would be affected by the data release.
He said the data obtained by Qilin would include all the information attached to any test, and may even include the results.
Mr Bore said: ‘Given the Synnovis system was introduced in October last year and we are talking about three hospitals, tens of thousands of patients seems realistic.
‘Firms need to invest in and actually understand cyber security. This is not the first time SynLab has been affected.
‘In April of this year their Italian branch was affected by a ransom attack. So they’ve been through this before.
‘By consolidating the data of multiple hospitals onto one system, it’s been made into a target because there is simply more data collected.
‘SynLab has made the data vulnerable by consolidating it in this way.’
He added: ‘While it is something for individuals to worry about, it’s not something they should panic about.
‘It is immensely personal data, but in order to make use of that and find someone in that list to target them individually with that medical information is an awful lot of work.’
A spokesperson for Synnovis said: ‘Last night a group claiming responsibility for the cyberattack published data online that they allege belongs to Synnovis.
‘We know how worrying this development may be for many people. We are taking it very seriously and an analysis of this data is already underway.
‘This analysis, run in conjunction with the NHS, the National Cyber Security Centre and other partners, aims to confirm whether the data was taken from Synnovis’ systems and what information it contains.
‘We will keep our service users, employees and partners updated as the investigation progresses.’
On Thursday, Dr Chris Streather, medical director for NHS London, said: ‘Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyber-attack on Synnovis is continuing to have a significant impact on NHS services in South East London.
‘Having treatment postponed is distressing for patients and their families, and I would like to apologise to any patient who has been impacted by the incident, and staff are continuing to work hard to rearrange appointments and treatments as quickly as possible.
‘Mutual aid agreements between NHS labs have begun to have a positive impact in primary care providers, helping increase the number of blood tests available for the most critical and urgent cases.
‘Patients should access services in the normal way by dialling 999 in an emergency and otherwise use NHS 111 through the NHS App, online or on the phone.
‘They should also continue to attend appointments unless they are told otherwise by the clinic team.’
Source: Mail Online
