UK Battles Hacking Wave as Ransomware Gang Claims 'Biggest Ever' NHS Breach

The U.K.'s largest NHS trust has confirmed it's investigating a ransomware incident as the country's public sector continues to battle a rising wave of cyberattacks. From a report: Barts Health NHS Trust, which runs five London-based hospitals and serves more than 2.5 million patients, was recently added to the dark web leak site of the ALPHV ransomware gang. The gang, also known as BlackCat, says it has stolen 70 terabytes of sensitive data in what it claims is the biggest breach of healthcare data in the United Kingdom. Samples of the allegedly stolen data, seen by TechCrunch, include employee identification documents, including passports and driver licenses, and internal emails labeled "confidential."

When asked by TechCrunch, a Barts Health spokesperson did not dispute that it was affected by a security incident that involved the exfiltration of data, nor did they dispute the legitimacy of the stolen data samples shared by ALPHV. "We are aware of claims of a ransomware attack and are urgently investigating," the spokesperson, who did not provide their name, told TechCrunch.

Had their chance

[eneville]

There was a project that span up just after wannacry to bring Linux to the NHS. It was abandoned shortly after sadly. Hopefully someone tactfully said "told you so" to the upper management.

https://www.nhsbuntu.org/ [nhsbuntu.org]
https://github.com/NHSbuntu/ww... [github.com]

Re:

[eneville]

Fact is active directory is the common component in wannacry and petna.

That and windows caching login tokens. Mimikatz still works.

Changing OS in this case would save the country in repairs and actual life since records are available for clinics.

Re:

[conorjh]

Fact is active directory is the common component in wannacry and petna.

it was spread with an SMB exploit

Changing OS in this case would save the country in repairs and actual life since records are available for clinics.

hindsight, 20/20 etc

Re:

[eneville]

Changing OS in this case would save the country in repairs and actual life since records are available for clinics.

hindsight, 20/20 etc

This happened before, happened now, and will happen again. MS Windows AD made poor design choices, stores login tokens and, shock horror, people get mad when their personal data is lost or stolen.

There's no hindsight to speak of, the more likely reason NHS is stuck on MS Windows is that someone at top-tier management has stock investment in MS. Why else?

Re:

[conorjh]

This happened before, happened now, and will happen again. MS Windows AD made poor design choices, stores login tokens and, shock horror, people get mad when their personal data is lost or stolen.

https://en.wikipedia.org/wiki/... [wikipedia.org]
Once more, it exploited SMB not AD...

There's no hindsight to speak of, the more likely reason NHS is stuck on MS Windows is that someone at top-tier management has stock investment in MS. Why else?

because theyre a woefully underfunded public service that has literal life or death consequences to fucking up a windows migration of something like a few million machines, you schizo

Re:

[eneville]

https://en.wikipedia.org/wiki/... [wikipedia.org]
Once more, it exploited SMB not AD...

Interesting, ISTR it was wannacry and/or petna that used the stored token. Or was it wannamine, either way, that's still an unpleasant feature.

because theyre a woefully underfunded public service that has literal life or death consequences to fucking up a windows migration of something like a few million machines, you schizo

Replacing/rebuilding that network is less troublesome somehow?

Is that you billg ?

[terrorubic]

billg [slashdot.org]: “And how exactly would that have changed anything given the biggest vulnerabilities of the last decade have all been in FOSS software?”

It's understandable why you would post anonymously /s

Re:

[Bongo]

Not that I'm an expert, but I agree. Some big factors are simply, motivation and criminal mindsets. Meanwhile, most normal people are not operating their systems, developing their code, and practicing care, in all they do, as if they are in a warzone. Many are not that conscientious. And the workplace dilutes consequences. There's a whole wave of "not really bothered" out there. They don't recognise the need to be really careful, whilst criminals push their own talent and aims to get what they want. Who's g

Same Active Directory database for all?

[Z00L00K]

Did they use the same AD database for all the hospitals? I wouldn't be surprised because that's how we got into considerable trouble at work.

Whoâ(TM)d have seen this coming

[liqu1d]

Centralised data for health care is a brilliant idea up until the point you realise itâ(TM)s run by the lowest bidder.

Re:

[timeOday]

The summary says it is health care data but then all the examples of leaked data are employment / business info. For example emails were leaked. Well in the US anyways you can't send medical information by email, which is why we have to suffer with all these web gateways.

Re:

[hoofie]

From what I have seen in my previous experience in Health Systems in the UK and Australia, there is a much stricter security and segregation on any system which contains patient information of any kind compared to normal day to day correspondence. The most patient information you would see on a document would be a surname and a URN identifier which will only yield personal info when you have access to the patient systems.

Re:

[Bongo]

People copy documents, emails, etc. to shared drives, as evidence, and I'd guess for this amount of data, they accessed backups. NHS does have their own email system (declared safe for patient information) nhs.net which is Exchange based.
If it affected several hospitals, maybe whichever company was providing the backup solution and storage. Just guessing.

Should be illegal

[MrL0G1C]

It should be illegal for anyone other than the passport office to store a copy of your passport and it should be illegal for anyone other than the DVLA to store a copy of your driving license etc.

Otherwise this happens and those IDs become more of a liability then a help.

Re:

[conorjh]

(digital segregation is a common word nowadays since they have no regards for refined cultures as they are not capable and can only use fake name and emotions to fit in).

whos "they"?

Re:

[MrL0G1C]

OK, since some idiot modded me as troll, let me re-iterate, these things do not need to be stored anywhere other than the original govt servers. Passports and Driving licenses have unique IDs, those could be non-reversably hashed and stored as proof that these have been checked for example for employment laws that require a person can lawfully to work in the country.

If you disagree then don't be a lazy fuck and mod me as troll, instead, explain why these documents need copies stored anywhere other than on t

Re:

[dddux]

I just go to MI6 and ask them to help me. Then they send 007 to spy for me.

Crypto Currency Investment Scam Recovery..

[bradleyheatherjoyce]

When I realized that I was being manipulated, A co-worker recommended CYBER GENIE HACK INT'L to me. I did invest with a crypto broker trading site. I was always being asked to pay an unnecessary fee whenever I tried to make or inquire about a withdrawal from the profits I gained from investing. I realized it was a fairytale, and the con artist wouldn’t stop requesting more tokens whenever I pleaded with them to give back all I had invested with them. I realized that I might never get all I had sent th