NHS England confirms patient data stolen in cyber attack

NHS England has confirmed that its patient data managed by blood test management organisation Synnovis was stolen in a ransomware attack on 3 June.

Qilin, a Russian cybercriminal group, leaked nearly 400GB of private information on its darknet site on Thursday evening and threatened to extort money from Synnovis.

In a statement, NHS England said there was “no evidence” that test results had been published, but “investigations are ongoing”.

The attack disrupted more than 3,000 hospital and doctor appointments.

“Patients should continue to attend their appointments unless told otherwise and access emergency care as usual,” NHS England said.

The stolen data, which the BBC was able to view, includes patient names, dates of birth, NHS numbers and descriptions of blood tests. Cybersecurity expert Ciaran Martin described this to the BBC as “one of the most significant and damaging cyberattacks ever seen in the UK”.

In addition, there are business account tables detailing financial arrangements between hospitals and GP services and Synnovis.

The ransomware hackers infiltrated the computer systems of the company, which is used by two NHS trusts in London, and encrypted critical information, rendering the IT systems unusable.

As is often the case with cybercriminals, they also downloaded as much private data as possible in order to extort an additional ransom in Bitcoins from the company.

It is not known how much money the hackers demanded from Synnovis or whether the company entered into negotiations, but the fact that Qilin released some, possibly all, of the data means they did not pay.

The cyber attackers told the BBC via an encrypted messaging service that they had specifically targeted Synnovis to punish Britain for its inadequate help in an unspecified war.

In a statement, NHS England said it was “continuing to work with Synnovis and the National Crime Agency.”

NHS England said it had set up a hotline to support those affected by the attack and would continue to provide updates, but said “investigations of this nature are complex and time-consuming”.