A gang of hackers who attacked a blood testing company in London hospitals published the names, dates of birth and other private information of NHS patients online.
The cyberattack has caused chaos in the capital after IT systems were effectively crippled, with the group demanding a £40m ransom.
Qilin cybercriminals hacked the testing company Synnovis on June 3 and have been trying to extort money from them ever since. The group previously threatened to publish stolen data if it was not paid $50m (£40m).
The data, almost 400GB, has been published on the dark web and includes patient names, dates of birth, NHS numbers and blood test descriptions, but it is not known whether test results are also available.
IT experts estimate that the amount of data released means that tens of thousands of patients will be affected.
So far the hack has caused the cancellation of more than 1,100 operations, as well as hundreds of medical appointments.
Qilin took responsibility for the online hack and has now released a large amount of data.
Between June 10 and 16, the second week after the attack, more than 320 planned operations and 1,294 outpatient appointments were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust (pictured: King’s College Hospital)
The number of reorganized planned operations has reduced by 494 since the first week after the attack, June 3-9, but the number of missed outpatient appointments has increased by 394 (pictured: Guys and St Thomas’ Hospital)
NHS England said it “has been informed that the cybercriminal group last night published data which they claim belongs to Synnovis and was stolen as part of this attack.”
“We understand this may worry people and we continue to work with Synnovis, the National Cyber Security Center and other partners to determine the content of the published files as quickly as possible,” a spokesperson added.
‘This includes whether it is data taken from the Synnovis system and, if so, whether it relates to NHS patients.
“As more information becomes available through the full Synnovis investigation, the NHS will continue to update patients and the public.”
Between June 10 and 16, the second week after the attack, more than 320 planned operations and 1,294 outpatient appointments at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust were postponed.
In total, some 1,134 operations have had to be canceled following the attack by the group, which is believed to be based in Russia.
In response, NHS England London declared a regional incident, which it said allowed it to coordinate with neighboring providers to manage disruptions.
In his hack, Qilin infiltrated Synnovis’ IT systems and encrypted vital information, effectively rendering the IT systems useless.
It is not known exactly how much data the criminal gang has managed to obtain, but it is believed to affect tens of thousands of patients.
The company, a joint operation between the NHS and private company SynLab, analyzes blood, urine and tissue samples for some hospitals and GP surgeries.
But it can now be revealed that the company behind the venture, SynLab, suffered a similar cyberattack on its Italian branch in April.
In that case, the Blackbasta group claimed responsibility for the theft of 1.5 TB of data and threatened to publish it on the dark web.
SynLab was forced to deactivate all the company’s IT systems in Italy as a precaution and suspend all operations at sampling points, medical centers and laboratories in the country.
Speaking to the BBC via encrypted chat, a Qilin spokesperson said it had carried out the latest cyberattack in protest and claimed the UK was not doing enough to support an unspecified war.
The NHS cyberattack nightmare has continued with 1,134 operations and hundreds of appointments canceled two weeks after hackers triggered a “critical incident” at London hospitals.
A spokesperson said: ‘We are very sorry for the people who suffered because of this. We hereby do not consider ourselves guilty and ask that you do not blame us for this situation. Blame your government.’
The group hinted that they may be based in Ukraine, saying: “Our citizens are dying in unequal combats due to lack of medicine and donor blood.”
But its claim to attack British hospitals in protest has been met with skepticism, as the group has previously attacked local councils, large international companies and other health organisations.
James Bore, a chartered security professional and author of The Cyber Circuit, told MailOnline it was “realistic” that tens of thousands of people would be affected by data disclosure.
He said the data obtained by Qilin would include all the information attached to any test, and could even include the results.
Mr Bore said: “Given that the Synnovis system was introduced in October last year and we are talking about three hospitals, tens of thousands of patients seems realistic.”
‘Businesses need to invest in and really understand cybersecurity. This is not the first time SynLab has been affected.
‘In April this year, its Italian branch was hit by a ransomware attack. They’ve been through this before.
‘By consolidating data from multiple hospitals into a single system, it has become a target because more data is simply being collected.
“SynLab has made data vulnerable by consolidating it in this way.”
He added: “While it is something people should be concerned about, it is not something they should panic about.”
“It’s immensely personal data, but making use of it and finding someone on that list to individually address that medical information to you is a huge amount of work.”
A Synnovis spokesperson said: “Last night, a group that claimed responsibility for the cyberattack posted data online that they claim belongs to Synnovis.
‘We know how worrying this development can be for many people. We are taking this very seriously and an analysis of this data is already underway.
‘This analysis, carried out in conjunction with the NHS, the National Cyber Security Center and other partners, aims to confirm whether the data was taken from Synnovis systems and what information it contains.
“We will keep our service users, employees and partners informed as the investigation progresses.”
On Thursday, Dr Chris Streather, medical director of NHS London, said: “While we are seeing some services operating at near-normal levels and have seen a reduction in the number of elective procedures being postponed, the cyberattack on Synnovis continues. have a significant impact on NHS services in South East London.
“Having treatment postponed is distressing for patients and their families, and I would like to apologize to any patients who have been affected by the incident, and staff continue to work hard to rearrange appointments and treatments as quickly as possible.
‘Mutual aid arrangements between NHS laboratories have begun to have a positive impact on primary care providers, helping to increase the number of blood tests available for the most critical and urgent cases.
‘Patients should access services as usual by dialing 999 in an emergency and otherwise use NHS 111 via the NHS app, online or by phone.
“They should also continue to attend appointments unless instructed otherwise by the clinic team.”
