The data of over a million NHS patients may have been stolen following a recent cyber attack on the University of Manchester, senior UK health chiefs are warning. 

The attack, which hit the university at the start of the month, allowed hackers to copy the data from the university’s systems – but it was not known what data was taken. 

According to a report by the Independent, however, it has now been confirmed that these systems contained an NHS patient data set with the personal information of 1.1 million patients across 200 hospitals. 

The exposed details include patients’ NHS numbers and the first three letters of their postcodes, and records of major trauma patients treated after terror attacks – which were gathered by the university for research purposes. 

It is not yet known who was behind the attack, but it has been confirmed that it is unrelated to the recent MoveIT attacks on the BBC, British Airways and, most recently, US Government Agencies. 

According to an investigation carried out by the university, analysis suggests around 250 gigabytes of its data was accessed, with the threat actors compromising the university’s backup servers. 

NHS chiefs have been warned by the University of Manchester that there was “potential for NHS data to be made available in the public domain” and the data set has since been closed. 

Dating back to 2012, patients will not know if they are on the database or not as they did not give their consent to be recorded on it. 

Hackers Hit Healthcare

This is just one of the many attacks on healthcare institutions in recent months, which have become a prime target for hackers wishing to inflict damage on national infrastructure. 

Earlier this month, three hospitals in Idaho were forced to divert ambulances to other hospitals after hackers compromised critical internal computer systems. 

The attack forced doctors and nurses to keep patient records on pen and paper after systems went down for hours at a time.

The NHS has also become a prime target for cybercriminals. In August last year, a large-scale ransomware campaign on the health service saw hackers steal 5.5 million patient records across Scotland, England and Wales. 

Medical staff were forced to keep patient files on pieces of paper and email for months as systems remained offline until mid-October. 

A sector under pressure

Healthcare experts have long been concerned that ransomware attacks can degrade the quality of care that patients receive at hospitals. 

A recent study by researchers at the University of California found that a ransomware attack on a local health system has ripple effects on regional hospitals, increasing emergency waiting room times and extending patients’ stay in the hospital.

Throughout the pandemic, ransomware and other cyber attacks ramped up on the health sectors, and hospitals were often ill-equipped to deal with them falling victim to attacks.

Microsoft was recently forced to use a federal court order to try to cut off cybercriminals’ access to a hacking tool that it discovered had been used in nearly 70 ransomware attacks on health organisations in more than 19 countries.