Fraud Management & Cybercrime , Geo Focus: The United Kingdom , Geo-Specific

Qilin Ransomware Group Leaks NHS Data

The Group Published 104 Files It Says Come From NHS Hospitals in London
Qilin Ransomware Group Leaks NHS Data
Russian-speaking ransomware hackers published data apparently stolen from a British medical laboratory services provider. (Image: Shutterstock)

A ransomware group late Thursday published information stolen during an attack that's led to disruptions including postponed cancer treatment and organ transplant surgeries at two London National Health Service hospitals.

See Also: The Healthcare CISO’s Guide to Medical IoT Security

The Russian-speaking Qilin ransomware group hit Synnovis, a U.K. provider of medical laboratory services for NHS hospitals, earlier this month. The attack disrupted services at NHS King's College and Guy's and St. Thomas' - forcing the health facilities to reschedule at least 1,500 medical appointments (see: NHS Ransomware Hack: 1,500 Medical Appointments Rescheduled).

On Thursday, hours after Qilin publicly listed Synnovis as its victim on its Tor website, the group posted 3.7 gigabytes of data to its Telegram channel.

"NHS England has been made aware that the cybercriminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack," the hospital spokesperson told Information Security Media Group.

On the group's Telegram channel, the hackers posted around 104 files. The leaked files putatively include blood test data, the BBC reported. Earlier, the NHS Blood and Transplant called for O positive and O negative blood donors to book appointments with the 25 NHS blood donor centers to boost blood supplies in the wake of the hack.

A Synnovis spokesperson did not clarify whether the attackers posted the data after the service refused to pay any ransom. The group reportedly demanded $50 million from Synnovis (see: UK Pathology Lab Ransomware Attackers Demanded $50 Million).

The spokesperson said the company is continuing to investigate the incident along with the NHS and the U.K. National Cyber Security Center.

"This is undoubtedly one of the worst cyberattacks the U.K. has faced in recent history," said Conor Agnew, lead cybersecurity assessor at U.K.-based Closed Door Security. "This recent leak is to apply more pressure on Synnovis and motivate the company into paying while demonstrating the highly sensitive data that Qilin now has in its possession."


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.