NHS England Confirms Massive Patient Data Theft in Ransomware Attack
NHS England has revealed that patient data managed by Synnovis was stolen during a ransomware attack on 3 June. The Russian cyber-criminal group Qilin published nearly 400GB of private information to extort money. NHS England has set up a helpline and is working with Synnovis and the National Crime Agency.
NHS England has revealed that patient data managed by blood test management firm Synnovis was stolen during a ransomware attack on 3 June.
The Russian cyber-criminal group Qilin exfiltrated nearly 400GB of private information, including patient names, dates of birth, NHS numbers, and blood test details.
They published this data on their darknet site to extort money from Synnovis.
NHS England stated there is no evidence that test results were published, but investigations are ongoing.
The attack disrupted over 3,000 hospital and GP appointments.
Cyber security expert Ciaran Martin described it as one of the most harmful cyber attacks ever in the UK.
NHS England has set up a helpline for those affected and is working with Synnovis and the National Crime Agency.
The hackers demanded a ransom in Bitcoin and cited punishment for the UK as their motivation, but Synnovis did not pay.