Blood Test Data Leaked Following NHS London Cyber Attack

Thousands of patients’s blood test data has been released on the dark web following a cyber attack on NHS London hospitals.

The major breach, which occurred on June 3rd and targeted the NHS service provider Synnovis, saw hackers gain access to internal NHS systems and leak over 400GB of sensitive NHS blood testing data belonging to NHS customers. 

The threat actors had initially tried to extort money from Synnovis before resorting to sharing the private information online.

In a statement, NHS England said it had "been made aware that the cybercriminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack."

"We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible.

"This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients," the statement added. 

The leaked data includes patient names, dates of birth, NHS numbers, and descriptions of blood tests. It remains unclear whether the blood test results are part of the leak. 

The NHS is currently investigating the authenticity of the shared data and is collaborating with the National Cyber Security Centre and other partners to determine the full extent of the breach. 

‘State-sanctioned’

The attack on Synnovis has become one of the most severe cyber attacks in NHS history, disrupting pathology services across more than a thousand hospitals and GP practices and causing widespread cancellations and rescheduling of appointments and operations. 

If the leaked Synnovis data is confirmed genuine, it could have far-reaching implications. Cybercriminals could use the stolen information for further crimes, including blackmailing individuals using their NHS numbers, names, and dates of birth. 

Dark web post shared by the hacker group claiming to have access to Synnovis data. 

The NHS faces a critical situation where it must balance addressing the breach while protecting patient data from further exploitation.

Adam Pilton, Cyber Security Consultant at CyberSmart and former Detective Sergeant investigating cybercrime told EM360Tech: "This attack is another on healthcare providers which demonstrates blatant disregard for patients. It is a significant data breach and marks the importance of cyber security across all Industries and their supply chains. 

"Whether the impact is downtime in the inability of the Healthcare services to provide key lifesaving services or the potential financial costs for NHS and the government may have to pay to recover their systems and investigate this cybercrime."

"Although there's no positive indication, early information suggests that no ransom has been paid. This is a positive step, paying ransoms only fuels further ransomware attacks. The hospitals should be credited for this decision as it's not an easy decision to take, and hold, especially in the circumstances they currently find themselves in."

Who is behind the NHS London cyber attack?

The cyber gang responsible for this attack is allegedly Qilin, a Russian ransomware-as-a-service operation. 

Qilin is notorious for demanding ransoms in exchange for not releasing stolen data. The group has previously targeted critical infrastructure, including the Victorian court system in Australia and Yangfeng Automotive Interiors in China, causing significant disruptions.

Qilin's data release is believed to be politically motivated, with the group claiming to target the UK as a form of punishment for perceived geopolitical grievances. 

In a message to the BBC, it stated its intention to penalize the UK for its lack of support in an unspecified conflict, using language reminiscent of the Ukraine-Russia situation.

The Impact on NHS Operations

The impact of the Synnovis hack on NHS operations has been profound. The disruption to pathology services has caused significant delays in diagnostic processes, potentially affecting patient outcomes.

The incident underscores the critical importance of cybersecurity in healthcare and the need for robust measures to protect sensitive patient data.

Trevor Dearing, Director of Critical Infrastructure at Illumio said: “NHS systems are a prime target for cybercriminals because one tiny breach can impact multiple entities. 

“This is another example of why breach containment is paramount – containing attacks at the point of entry can dramatically reduce the impact of a breach.”

The NHS is taking steps to mitigate the immediate impact of the breach. Efforts are underway to secure systems and prevent further data loss. 

The National Cyber Security Centre is involved in the investigation, working to understand the scope of the breach and identify the perpetrators. In the meantime, patients are being advised to monitor their personal information closely and report any suspicious activity.

Potential Consequences for Patients

The potential consequences of the data breach for patients are severe. If the leaked data includes sensitive health information, it could be used for identity theft, fraud, or extortion. 

Patients could find themselves targeted by cybercriminals seeking to exploit their personal information for financial gain.

The psychological impact on patients is also significant. Knowing that their personal health information may be in the hands of criminals can cause considerable distress and anxiety. 

The NHS and other relevant authorities must provide clear and timely information to affected individuals and offer support where needed.

‘Cyber hygiene standards across assets must be improved’

Moving forward, the NHS and other healthcare providers must take proactive steps to strengthen their cybersecurity defences. 

This includes investing in advanced security technologies, conducting regular security audits, and providing comprehensive training for staff on best practices for data protection.

Collaboration between healthcare providers, cybersecurity experts, and law enforcement agencies is essential to combat the growing threat of cybercrime. Sharing information about threats and vulnerabilities can help organizations stay ahead of potential attacks and develop effective strategies for protecting sensitive data.

The NIS2 Regulation, an updated directive from the European Union, aims to strengthen the cybersecurity of essential services, including healthcare. This regulation mandates enhanced security requirements, incident reporting, and risk management practices for critical sectors.

For the NHS, adopting NIS2 principles is crucial to prevent future breaches, safeguard patient data, and ensure uninterrupted healthcare services. By embracing NIS2 guidelines, the NHS can enhance its cybersecurity posture, effectively responding to threats and protecting sensitive health information in the digital age.

Andrew Lintell, General Manager of EMEA at Claroty told EM360Tech that" “the incoming NIS2 regulation, will push for more stringent requirements including asset management to be introduced”

“This will ensure that while the healthcare industry continues to face significant challenges around balancing patient care, budgets, and security; focusing on managing digital assets will help tackle all three issues simultaneously.”

“With this under control, providers can work towards an efficient and cost-effective IT infrastructure that boosts patient care without opening the door for cybercriminals.”

“The Synnovis hack serves as a stark reminder of the importance of cybersecurity in healthcare.  By learning from this incident and implementing robust security measures, the NHS can better protect patient data and ensure the continuity of critical healthcare services in the face of evolving cyber threats."

As more details emerge, it is vital to stay informed and vigilant. Protecting personal information and maintaining robust cybersecurity practices are essential steps in safeguarding against the increasing threat of cyber attacks. 

The NHS, along with global healthcare systems, must prioritize cybersecurity to prevent future breaches and protect the sensitive data of millions of patients.