Fraud Management & Cybercrime , Geo Focus: The United Kingdom , Geo-Specific
Qilin Ransomware Group Leaks NHS Data
The Group Published 104 Files It Says Come From NHS Hospitals in LondonA ransomware group late Thursday published information stolen during an attack that's led to disruptions including postponed cancer treatment and organ transplant surgeries at two London National Health Service hospitals.
See Also: The Healthcare CISO’s Guide to Medical IoT Security
The Russian-speaking Qilin ransomware group hit Synnovis, a U.K. provider of medical laboratory services for NHS hospitals, earlier this month. The attack disrupted services at NHS King's College and Guy's and St. Thomas' - forcing the health facilities to reschedule at least 1,500 medical appointments (see: NHS Ransomware Hack: 1,500 Medical Appointments Rescheduled).
On Thursday, hours after Qilin publicly listed Synnovis as its victim on its Tor website, the group posted 3.7 gigabytes of data to its Telegram channel.
"NHS England has been made aware that the cybercriminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack," the hospital spokesperson told Information Security Media Group.
On the group's Telegram channel, the hackers posted around 104 files. The leaked files putatively include blood test data, the BBC reported. Earlier, the NHS Blood and Transplant called for O positive and O negative blood donors to book appointments with the 25 NHS blood donor centers to boost blood supplies in the wake of the hack.
A Synnovis spokesperson did not clarify whether the attackers posted the data after the service refused to pay any ransom. The group reportedly demanded $50 million from Synnovis (see: UK Pathology Lab Ransomware Attackers Demanded $50 Million).
The spokesperson said the company is continuing to investigate the incident along with the NHS and the U.K. National Cyber Security Center.
"This is undoubtedly one of the worst cyberattacks the U.K. has faced in recent history," said Conor Agnew, lead cybersecurity assessor at U.K.-based Closed Door Security. "This recent leak is to apply more pressure on Synnovis and motivate the company into paying while demonstrating the highly sensitive data that Qilin now has in its possession."