Hackers have published the names and dates of birth of NHS patients after targeting a blood testing firm at a number of London hospitals.
The cyber attack on June 3 led to more than a thousand operations being cancelled along with hundreds of medical appointments.
Now the group behind the attack, Qilin which is believed to be based in Russia, have published patients’ private information on the dark web after the group demanded a £40m ransom.
The information includes NHS numbers and blood test descriptions but whether blood test results are included is not yet known.
- Global increase in number of people with type 1 diabetes living longer
- New NHS deal sparks concerns of data misuse
- New NHS scheme to reduce hospital admissions by tracking kettles and fridges
The data amounts to almost 400GB, leading IT experts to say that the volume indicates it could affect tens of thousands of patients whose data is held by testing firm Synnovis.
NHS England said it “has been made aware that the cyber criminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack”.
The spokesman went on to say: “We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible.
“This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients.
“As more information becomes available through Synnovis’ full investigation, the NHS will continue to update patients and the public.”
Qilin’s attack on Synnovis’ IT systems rendered them useless, which led to operations and appointments being cancelled at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust.
The medical testing operation across the hospitals is a joint venture between the NHS and private company SynLab.
However, it has been revealed that that SynLab’s Italian branch suffered a similar attack just two months ago.
Experts said that holding such large volumes of data in one place increases its vulnerability to attacks like these.
James Bore, a chartered security professional and author of The Cyber Circuit, said: “Given the Synnovis system was introduced in October last year and we are talking about three hospitals, tens of thousands of patients seems realistic.
“Firms need to invest in and actually understand cyber security. This is not the first time SynLab has been affected.
- Private health data breach in Isle of Man to be dealt within 3 months, officials say
- AI-generated alerts reduce hospital patients’ risk of dying, study shows
- Artificial intelligence can be a ‘collaborative tool’ for doctors at risk of burnout
“By consolidating the data of multiple hospitals onto one system, it’s been made into a target because there is simply more data collected. SynLab has made the data vulnerable by consolidating it in this way.
“While it is something for individuals to worry about, it’s not something they should panic about. It is immensely personal data, but in order to make use of that and find someone in that list to target them individually with that medical information is an awful lot of work.”
A spokesperson for Synnovis said: “A group claiming responsibility for the cyberattack published data online that they allege belongs to Synnovis.
“We know how worrying this development may be for many people. We are taking it very seriously and an analysis of this data is already underway.
“This analysis, run in conjunction with the NHS, the National Cyber Security Centre and other partners, aims to confirm whether the data was taken from Synnovis’ systems and what information it contains.
“We will keep our service users, employees and partners updated as the investigation progresses.”