Data Dump of Patient Records Possible After UK Hospital Breach (apnews.com) 12
An anonymous reader shared this report from the Associated Press:
An investigation into a ransomware attack earlier this month on London hospitals by the Russian group Qilin could take weeks to complete, the country's state-run National Health Service said Friday, as concerns grow over a reported data dump of patient records. Hundreds of operations and appointments are still being canceled more than two weeks after the June 3 attack on NHS provider Synnovis, which provides pathology services primarily in southeast London...
NHS England said Friday that it has been "made aware" that data connected to the attack have been published online. According to the BBC, Qilin shared almost 400GB of data, including patient names, dates of birth and descriptions of blood tests, on their darknet site and Telegram channel... According to Saturday's edition of the Guardian newspaper, records covering 300 million patient interactions, including the results of blood tests for HIV and cancer, were stolen during the attack.
A website and helpline has been set up for patients affected.
NHS England said Friday that it has been "made aware" that data connected to the attack have been published online. According to the BBC, Qilin shared almost 400GB of data, including patient names, dates of birth and descriptions of blood tests, on their darknet site and Telegram channel... According to Saturday's edition of the Guardian newspaper, records covering 300 million patient interactions, including the results of blood tests for HIV and cancer, were stolen during the attack.
A website and helpline has been set up for patients affected.
Who's comfirming the caller? (Score:2)
Hundreds of operations and appointments are still being canceled more than two weeks after the June 3 attack on NHS provider Synnovis...
It doesn't say why appointments are being changed, but I assume this is people maliciously calling the providers, pretending to be the patient, and cancelling their appointments? If so I have to ask how they are verifying the identity of the caller. The summary mentions the date-of-birth being compromised as part of the records. I would hope these health facilities use patient information you can't get from reading old newspapers to confirm the caller is the actual patient before making changes to treatment
Re: (Score:2)
"It doesn't say why appointments are being changed,"
At least one problem is that their IT systems are down and they're now only able to do 1/3 the normal number of blood tests that they were doing.
Even for things as simple as making sure you've got the right blood on hand for a routine operation is becoming difficult. A week or two ago there were requests for O and O -ve blood donors so that they could do operations without having to do blood type tests on patients.
Do you know how to get medical help anonymously? (Score:1)
If someone needs help, I'd like to give it unconditionally. Having to give an ID is reasonable as a shortcut to the problems it's supposed to address, but it's clearly not without its costs.
This is why... (Score:2)
... I believe critical infrastructure, and that includes companies tgst critical infrastructure outsourced to, should be held to very high IT security standards. Three dara breeches in the first five months of the year is way too many.
This is not a mom-and-pop operation, this is a major international firm that one of the world's largest healthcare organisations depended upon.
Their systems should be as close to invulnerable as it is possible to get, but in truth their security clearly has more holes than Swi
But it's not so simple, is it? (Score:2)
Of course this is not OK. Of course security and privacy standards dealing with health data should be extremely high.
The problem is, what are you going to do about it? You can hardly shut down the public health system until it's fixed when the result would literally be people starting to die almost immediately. You can't fine or otherwise penalise the institutions trying to provide vital healthcare services but failing on security when you're already ludicrously underfunding them and they're already being h
Another (Score:5, Informative)
This is at least the third such incident in the last few years.
The current UK government is obsessed with trying to privatise the NHS, even though over 80% of British people want it to remain in public ownership.
It has been cutting the budget in real terms, instigating backdoor outsourcing with crony contacts. Then use failures like this to argue for privatisation.
Before they came to power the NHS was rated #1 healthcare in 9 out of 11 categories, and not lower than 3rd in the other two.
Re: (Score:2)
Yet more left-wing shite. Show me ANY Evidence where the Conservatives have said they want to privatise the NHS as policy - just one bit of evidence.
There has been private operators in the NHS for decades - privately run orthopaedic hospitals; specialist services plus most GP Clinics are privately run and contract to the NHS. That's not to mention the contracting in of private hospitals to provide overflow capacity.
The NHS is a massive money sink and a prime example of how centralised control does not work.
Re: (Score:2)
Yet more left-wing shite. Show me ANY Evidence where the Conservatives have said they want to privatise the NHS as policy - just one bit of evidence.
There has been private operators in the NHS for decades - privately run orthopaedic hospitals; specialist services plus most GP Clinics are privately run and contract to the NHS. That's not to mention the contracting in of private hospitals to provide overflow capacity.
The NHS is a massive money sink and a prime example of how centralised control does not work. The NHS is entirely devolved in Scotland, receives move funding per head yet performs worse than the national average.
The UK needs a serious grown-up conversation about future funding and care models and a system more like France or Australia would be a better future. In Australia if you need a CAT scan as an outpatient you get a form from your doctor and just take it to a local provider who provides services paid for by the government. This means CAT and MRI scanners are everywhere - the idea of having to go to a major hospital just to get a scan of a bad knee is a huge waste of tertiary facility time and resources. However it's not a conversation we can ever have as it would threaten a huge union and activist power base.
Meanwhile the NHS gets worse and worse every year despite funding going up and up every year [again show me NHS funding cuts - they aren't any] and it's at the point where it is now a church to be worshipped where patient outcomes are not the priority.
Oh my poor, misguided Tory boy.
Have you not been paying attention. The very cause of this mess was due to NHS privatisation. The pathology labs that were privatised under the Tories, one of whom was responsible for the breach, Synnovis.
And that, ladies and gentlemen is how they've been trying to privatise the NHS, by piecemeal. Start by getting rid of the ancillary services like pathology and diagnostics. Then you cut back on public spending where there are private alternatives, like dental. Sure ther
Re: (Score:2)
This is at least the third such incident in the last few years.
The current UK government is obsessed with trying to privatise the NHS, even though over 80% of British people want it to remain in public ownership.
It has been cutting the budget in real terms, instigating backdoor outsourcing with crony contacts. Then use failures like this to argue for privatisation.
Before they came to power the NHS was rated #1 healthcare in 9 out of 11 categories, and not lower than 3rd in the other two.
It should be noted the current UK government is expected to the the former UK government on the 5th of July.
Hold the press (Score:2)
This breach is truly concerning. It's alarming how (Score:1)