Investigation into Russian hacking of London hospitals could take weeks amid concerns over online data dumps

PAN PYLAS, Associated Press

21 mins ago

LONDON (AP) — The investigation into a ransomware attack by the Russian group Qilin on London hospitals earlier this month could take weeks, the country’s state-run National Health Service said Friday, as concerns grow over a reported data dump of patient records.

More than two weeks after the June 3 attack on NHS provider Synnovis, which provides pathology services mainly in south-east London, hundreds of operations and appointments are still being cancelled.

The attack affected King’s College and Guy’s and St Thomas’ Hospital Trusts, which run several hospitals in south London as well as clinics and doctors’ surgeries in part of the city. A memo to staff described the incident as a “critical incident” and said it had a “significant impact” on care, particularly blood transfusions.

NHS England said on Friday it was “aware” that data related to the attack had been published online. According to the BBC, Qilin shared almost 400GB of data, including patient names, birth dates and descriptions of blood tests, on its dark web site and Telegram channel.

“The National Crime Agency and the National Cyber ​​Security Centre are working to verify the data contained in the published files as quickly as possible,” NHS England said in a statement. “These files are not simple uploads, so investigations of this nature are highly complex and can take weeks or even longer.”

According to Saturday’s edition of the British newspaper The Guardian, records of 300 million patient interactions were stolen in the attack, including the results of blood tests for HIV and cancer.

A website and a helpline have been set up for affected patients.

“We understand how distressing this is for patients who have to have the test repeated,” NHS England said.

The National Crime Agency confirmed it was leading the criminal investigation but said it could not comment further.

Ransomware involves criminals crippling computer systems with malicious software and then demanding money for its release. Ransomware is the most expensive and damaging form of cybercrime, affecting local authorities, court systems, hospitals and schools as well as businesses. It is difficult to combat because most gangs are based in former Soviet states and are beyond the reach of Western justice.

Britain’s state-funded healthcare system has been hit before, including during a ransomware attack in 2017 that froze computers in hospitals across the country, closing wards and emergency departments and halting treatment.

Qilin, also known as Agenda, advertises on cybercrime forums on the dark web and rents malware to partners who use it to carry out attacks in exchange for a percentage of ransom payments, said Louise Ferrett of Searchlight Cyber, a threat intelligence firm. The group has listed more than 100 victims.