WORLD
'Tens of thousands' of NHS patients have their names, dates of birth and private information published online by hackers who demanded £40m ransom after cyber attack on London hospitals
!['Tens of thousands' of NHS patients have their names, dates of birth and private information published online by hackers who demanded £40m ransom after cyber attack on London hospitals](/files/2024/2/1200x630/17190746323521024416_1200x630.jpg)
Baku, June 22, AZERTAC
NHS patients have had their names, dates of birth and other private information published online by a gang of hackers who targeted a blood testing firm at London hospitals, according to Daily Mail.
The cyber attack has caused chaos in the capital after IT systems were effectively made useless, with the group demanding a £40 million ransom.
Cyber criminals Qilin hacked testing firm Synnovis on June 3 and have been attempting to extort money from them ever since. The group previously threatened to publish stolen data if it was not paid $50 million (£40 million).
The data, almost 400GB of it, has been published on the dark web and includes patient names, dates of birth, NHS numbers and descriptions of blood tests, but it is not known if the results of the tests are also available.
IT experts estimate that the amount of data released means tens of thousands of patients will be affected.
So far the hack has caused more than 1,100 operations to be cancelled, as well as hundreds of medical appointments.
NHS England said it 'has been made aware that the cyber criminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack'.
'We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible,' a spokesperson added.
'This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients.
'As more information becomes available through Synnovis' full investigation, the NHS will continue to update patients and the public.'
Between June 10-16, the second week after the attack, more than 320 planned operations and 1,294 outpatient appointments were postponed at King's College Hospital NHS Foundation Trust and Guy's and St Thomas' NHS Foundation Trust.
In total, some 1,134 operations have had to be cancelled after the attack by the group, which is believed to be based in Russia.
In response, NHS England London declared a regional incident, which it said allowed it to coordinate with neighbouring providers to manage disruption.
In its hack, Qilin infiltrated Synnovis' IT systems and encrypted vital information, effectively making IT systems useless.
It is not known exactly how much data the gang of criminals has managed to obtain, but it is thought to affect tens of thousands of patients.
The venture - a joint operation between the NHS and private company SynLab - analyses blood, urine and tissue samples for some hospitals and GP surgeries.
But it can now be revealed that the firm behind the venture, SynLab, suffered a similar cyber attack on its Italian branch in April.
In that instance group Blackbasta claimed responsibility for stealing 1.5TB of data and threatened to release it on the dark web.
SynLab was forced to disable all company computer systems in Italy as a precaution and suspend all operations at sampling points, medical centres and laboratories in the country.
Speaking to the BBC via an encrypted chat, a spokesperson for Qilin said it had carried out the latest cyber attack as a protest and claimed the UK is not doing enough to support in an unspecified war.
A spokesperson said: 'We are very sorry for the people who were suffered because of it. Herewith we don't consider ourselves guilty and we ask you don't blame us in this situation. Blame your government.'
The group implied they are possibly based in Ukraine, saying: 'Our citizens are dying in unequal combat from a lack of medicines and donor blood.'
But its claim of targeting British hospitals out of protest has been met with skepticism as the group has previously targeted councils, major international companies and other healthcare organisations.
James Bore, a chartered security professional and author of The Cyber Circuit told MailOnline it was 'realistic' that tens of thousands of people would be affected by the data release.
He said the data obtained by Qilin would include all the information attached to any test, and may even include the results.