A sample of the stolen data, seen by the BBC, includes patient names, dates of birth, NHS numbers, and descriptions of blood tests
NHS England has confirmed that patient data managed by Synnovis, a blood test management organisation, was stolen in a ransomware attack on June 3. The Russian cyber-criminal group Qilin has shared nearly 400GB of private information on their darknet site, following through on a threat to extort money from Synnovis.
In a statement, NHS England assured that there is “no evidence” that test results have been published, but added that “investigations are ongoing.” The attack disrupted more than 3,000 hospital and GP appointments. NHS England advised patients to continue attending their appointments unless instructed otherwise and to access urgent care as usual.
A sample of the stolen data, seen by the BBC, includes patient names, dates of birth, NHS numbers, and descriptions of blood tests. Cybersecurity expert Ciaran Martin described it as “one of the most significant and harmful cyber attacks ever in the UK.” The data also includes business account spreadsheets detailing financial arrangements between hospitals, GP services, and Synnovis.
The ransomware attack targeted the computer systems of Synnovis, used by two NHS trusts in London, encrypting vital information and rendering IT systems useless. The hackers also downloaded private data to further extort the company for a ransom payment in Bitcoin. It remains unclear how much money was demanded or if negotiations took place. The publication of some or all of the data suggests Synnovis did not pay the ransom.
The cyber-attackers told the BBC on an encrypted messaging service that they targeted Synnovis to punish the UK for not helping enough in an unspecified war.
NHS England stated it is working with Synnovis and the National Crime Agency. A helpline has been set up to support those affected by the attack, and updates will be provided as the complex investigation continues.
