NHS Hackers leak Patient Information

By Sheku Jusu-Sheriff

Marketing Manager, Africa Risk Management and Compliance Partners

Following on from our last article about the Ransomware attack on the NHS Blood services provider Synnovis, we now know that the Ransomware gang behind the attack QiLin have made good on their threat to release highly sensitive personal patient data into the public domain. Presumably, because the ransom was not paid.?

Here are the latest key facts about the incident:

?

• Cybercriminal gang QiLin have shared over 400GB of confidential information from the NHS to their darknet
• After hacking Synnovis earlier this month, QiLin wanted $50 million from Synnovis not to release the data
• The leaked data included patient names, dates of birth, NHS numbers and blood test results
• The hack resulted in more than 3,000 hospital and GP appointments, and operations facing delay or cancellation.
• This hack has shown that hackers will release sensitive data no matter the consequences that follow the data being released

The fact is this is not an isolated incident. The UK NHS has been attacked before as has the Health Service of Ireland.

What it demonstrates is that the impact of Ransomware on the healthcare sector can be doubly devastating. Not only can highly sensitive patient records be stolen and sold for personal blackmail attacks; but indeed lives can be put at risk or threatened by a breakdown of hospital information systems and processes causing delays that could in extreme cases cost lives.

The number one risk faced by you and your critical suppliers is Cybersecurity Risk. It is therefore essential for all healthcare companies to complete a cybersecurity risk assessment, to identify the level of risk they face.