400GB of Patient Data was in the NHS Cyberattack & Breach

400GB of Patient Data was in the NHS Cyberattack & Breach
Photo by Ian Taylor / Unsplash

The criminals behind the attack claim to have shared 400GB of patient data. The NHS stated it is working swiftly to confirm the validity of these files.

The ransomware attack on the UK's National Health Service (NHS) continues to disrupt health services in London, with a significant amount of patient data potentially leaked as a result.

The Russian gang known as Qilin has reportedly shared 400GB of data on its dark web site, asserting that this data comprises personal information on patients stolen earlier this month. The BBC, which has reviewed a sample of the data, reports that it includes patient names, dates of birth, NHS numbers, and descriptions of blood tests.

"The NHS told the BBC that it could not be completely sure that the data was real. NHS England told Reuters that it is working with various parties including the UK’s National Cyber Security Centre to determine the content of the published files as quickly as possible."

Initial Attack and Ongoing Disruptions

This issue began with a massive ransomware attack that impacted multiple hospitals in London, significantly disrupting primary care services. The attack targeted Synnovis, a company that provides pathology services to the NHS, clinical users, and other service users.

The attack occurred on June 3rd, but reports indicate that hundreds of operations and appointments are still delayed weeks after the incident. On June 20th, NHS England reported that 1,134 elective procedures and 2,194 outpatient appointments had been postponed at King’s College, Guy’s, and St Thomas’ hospitals since the attack.

NHS London medical director Dr. Chris Streather stated, "Hospital staff are working hard to re-arrange appointments and treatments as quickly as possible."

Despite some services operating at near-normal levels and a reduction in the number of postponed elective procedures, the cyberattack on Synnovis continues to significantly impact NHS services in southeast London.

Dr. Streather emphasized, "Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyberattack on Synnovis is continuing to have a significant impact on NHS services in southeast London."

The Persistent Threat of Cyberattacks

The healthcare sector remains an attractive target for cyberattackers due to the sensitive and valuable information it holds on individuals. These criminals not only steal data but also disrupt vital services to increase pressure and the likelihood of ransom demands being met.

Over the years, there have been numerous incidents of healthcare organizations facing ransomware attacks. Notable examples include the HSE cyberattack in 2021 and the recent massive ransomware attack on UnitedHealth in the US.

Other sectors are not immune to such threats. For instance, a recent campaign targeting customers of the cloud service provider Snowflake put many organizations at risk, leading to the massive Ticketmaster breach where the data of 560 million accounts was put up for sale on the dark web.

The Broader Impact

The NHS cyberattack highlights the broader implications of cybersecurity breaches in the healthcare sector. Such attacks can lead to delayed treatments, postponed surgeries, and a general strain on healthcare resources. Patients may face anxiety and uncertainty about the security of their personal health information, and the disruption of services can have long-term effects on patient health outcomes.

Furthermore, the response to such attacks requires significant resources and coordination between various entities, including cybersecurity experts, healthcare administrators, and government agencies. The NHS's collaboration with the UK’s National Cyber Security Centre is a crucial step in addressing the immediate threat and mitigating future risks.

Preventive Measures and Future Outlook

To combat the ongoing threat of cyberattacks, healthcare organizations must invest in robust cybersecurity measures. This includes regular updates to security protocols, employee training on recognizing phishing attempts, and the implementation of advanced threat detection systems.

Governments and regulatory bodies also play a critical role in setting and enforcing cybersecurity standards. Increased funding for cybersecurity in the healthcare sector, along with stringent regulations, can help protect sensitive patient data and ensure the continuity of essential health services.

As the healthcare sector continues to digitize and integrate more technology into its operations, the importance of cybersecurity will only grow. Proactive measures, combined with rapid response strategies, are essential in safeguarding against the evolving threats posed by cybercriminals.