Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
United Kingdom Security

UK Battles Hacking Wave as Ransomware Gang Claims 'Biggest Ever' NHS Breach (techcrunch.com) 26

The U.K.'s largest NHS trust has confirmed it's investigating a ransomware incident as the country's public sector continues to battle a rising wave of cyberattacks. From a report: Barts Health NHS Trust, which runs five London-based hospitals and serves more than 2.5 million patients, was recently added to the dark web leak site of the ALPHV ransomware gang. The gang, also known as BlackCat, says it has stolen 70 terabytes of sensitive data in what it claims is the biggest breach of healthcare data in the United Kingdom. Samples of the allegedly stolen data, seen by TechCrunch, include employee identification documents, including passports and driver licenses, and internal emails labeled "confidential."

When asked by TechCrunch, a Barts Health spokesperson did not dispute that it was affected by a security incident that involved the exfiltration of data, nor did they dispute the legitimacy of the stolen data samples shared by ALPHV. "We are aware of claims of a ransomware attack and are urgently investigating," the spokesperson, who did not provide their name, told TechCrunch.

This discussion has been archived. No new comments can be posted.

UK Battles Hacking Wave as Ransomware Gang Claims 'Biggest Ever' NHS Breach

Comments Filter:
  • There was a project that span up just after wannacry to bring Linux to the NHS. It was abandoned shortly after sadly. Hopefully someone tactfully said "told you so" to the upper management.

    https://www.nhsbuntu.org/ [nhsbuntu.org]
    https://github.com/NHSbuntu/ww... [github.com]

  • Did they use the same AD database for all the hospitals? I wouldn't be surprised because that's how we got into considerable trouble at work.

  • Centralised data for health care is a brilliant idea up until the point you realise itâ(TM)s run by the lowest bidder.
    • The summary says it is health care data but then all the examples of leaked data are employment / business info. For example emails were leaked. Well in the US anyways you can't send medical information by email, which is why we have to suffer with all these web gateways.
      • by hoofie ( 201045 )

        From what I have seen in my previous experience in Health Systems in the UK and Australia, there is a much stricter security and segregation on any system which contains patient information of any kind compared to normal day to day correspondence. The most patient information you would see on a document would be a surname and a URN identifier which will only yield personal info when you have access to the patient systems.

      • by Bongo ( 13261 )

        People copy documents, emails, etc. to shared drives, as evidence, and I'd guess for this amount of data, they accessed backups. NHS does have their own email system (declared safe for patient information) nhs.net which is Exchange based.
        If it affected several hospitals, maybe whichever company was providing the backup solution and storage. Just guessing.

  • It should be illegal for anyone other than the passport office to store a copy of your passport and it should be illegal for anyone other than the DVLA to store a copy of your driving license etc.

    Otherwise this happens and those IDs become more of a liability then a help.

    • by MrL0G1C ( 867445 )

      OK, since some idiot modded me as troll, let me re-iterate, these things do not need to be stored anywhere other than the original govt servers. Passports and Driving licenses have unique IDs, those could be non-reversably hashed and stored as proof that these have been checked for example for employment laws that require a person can lawfully to work in the country.

      If you disagree then don't be a lazy fuck and mod me as troll, instead, explain why these documents need copies stored anywhere other than on t

  • When I realized that I was being manipulated, A co-worker recommended CYBER GENIE HACK INT'L to me. I did invest with a crypto broker trading site. I was always being asked to pay an unnecessary fee whenever I tried to make or inquire about a withdrawal from the profits I gained from investing. I realized it was a fairytale, and the con artist wouldn’t stop requesting more tokens whenever I pleaded with them to give back all I had invested with them. I realized that I might never get all I had sent th

If I want your opinion, I'll ask you to fill out the necessary form.

Working...