NHS England has now confirmed its patient data, managed by blood test management organisation Synnovis, was stolen in a ransomware attack on 3rd June. According to the BBC some of that data has been published on the dark web by the hackers.
On 4th June 2024, the Independent reported that two major London hospital trusts had to cancel all non-emergency operations and blood tests due to a significant cyber attack. Both King’s College Hospital Foundation Trust and Guy’s and St Thomas’ Hospitals Foundation Trusts have seen their pathology systems compromised by malware.
Synnovis, the service provider responsible for blood tests, swabs, bowel tests, and other critical services for these hospitals, was targeted in this attack. The impact was widespread, affecting NHS patients across six London boroughs.
It now transpires that, Qilin, a Russian cyber-criminal group, shared almost 400GB of private information on their darknet site on Thursday night. A sample of the stolen data seen by the BBC includes patient names, dates of birth, NHS numbers and descriptions of blood tests. NHS England said in a statement that there is “no evidence” that test results have been published, but that “investigations are ongoing”.
The Information Commissioner’s Office said in statement:
“While we are continuing to make enquiries into this matter, we recognise the sensitivity of some of the information in question and the worry this may have caused.
“We would urge anyone concerned about how their data has been handled to check our website for advice and support, as well as visiting NHS England’s website.”
We have two workshops coming up in September (Introduction to Cyber Security and Cyber Security for DPOs) which are ideal for organisations who wish to up skill their employees about data security. See also our Managing Personal Data Breaches Workshop.
