NHS England has confirmed that patient data managed by blood test management organization Synnovis was stolen in a ransomware attack on June 3.

The attack impacted several NHS trusts, including King’s College Hospital and St Thomas’, as well as various GP services.

Details of the Attack

The cyber-criminal group Qilin, believed to be based in Russia, claimed responsibility for the attack. On Thursday night, they published nearly 400GB of private information on their darknet site after threatening to do so to extort money from Synnovis.

NHS Response and Impact

In a statement, NHS England assured the public that there is "no evidence" that test results have been published, though investigations are ongoing. The attack caused significant disruption, affecting more than 3,000 hospital and GP appointments. Despite the breach, NHS England advised patients to continue attending their appointments unless instructed otherwise and to seek urgent care as usual.

Nature of the Stolen Data

A sample of the stolen data reviewed by the BBC includes sensitive information such as patient names, dates of birth, NHS numbers, and descriptions of blood tests. Cybersecurity expert Ciaran Martin described the incident as "one of the most significant and harmful cyber attacks ever in the UK." Additionally, business account spreadsheets detailing financial arrangements between hospitals, GP services, and Synnovis were also compromised.

Ransom Demands and Motivation

The ransomware attackers infiltrated Synnovis's computer systems, encrypting vital information and rendering IT systems inoperative. They also downloaded as much private data as possible to increase pressure for a ransom payment in Bitcoin. While the exact ransom amount remains unknown, Qilin's publication of the data suggests Synnovis did not comply with the demands.

The cyber-attackers communicated with the BBC via an encrypted messaging service, stating they targeted Synnovis to "punish the UK for not helping enough in an unspecified war."

Ongoing Efforts and Support

NHS England is collaborating with Synnovis and the National Crime Agency to address the fallout from the attack. A helpline has been established to support those affected, and NHS England will continue to provide updates as the investigation progresses. They noted that investigations of this nature are complex and time-consuming.

The NHS's handling of the situation underscores the serious threat cyber attacks pose to critical healthcare infrastructure and the need for robust cybersecurity measures. Photo by KiloCharlieLima, Wikimedia commons.