Ransomware group threatens to publish NHS trust's data
Black Cat hackers claim that the data obtained from Barts Health NHS Trust represents the 'more bigger leak from the health care system in UK'
Notorious cybercrime gang ALPHV, also known as BlackCat, has claimed to have successfully breached Barts Health NHS Trust and acquired seven terabytes of internal documents from its systems.
The hackers are now threatening to release a significant amount of the trust's confidential data unless their demands are fulfilled.
Barts Health NHS Trust is responsible for overseeing a group of hospitals and clinics in London, including St Bartholomew's, the Royal London, Mile End, Whipps Cross and Newham.
As one of the largest hospital groups in the UK, the hospitals managed by Barts Health cater to approximately 2.5 million individuals, according to the Trust's website.
On Friday, BlackCat claimed that they had gained access to employees' personal data, such as CVs, along with financial information that includes credit card details. Additionally, they claimed to have acquired "citizens' confidential documents."
The gang released some files that it said were stolen from Barts Health. This collection included copies of employees' driving licences and passports, as well as internal emails and confidential correspondence.
On their dark web page, the hackers made a claim in broken English that the data obtained from Barts Health represented the "more bigger leak from the health care system in UK."
Interestingly, the gang did not mention an encryption key, suggesting that they have not encrypted the information they acquired.
According to Brett Callow, a threat analyst from the cybersecurity firm Emsisoft, initial indications point towards the gang not having implemented ransomware at this stage.
"Had ransomware been deployed, the disruption would likely have been noticeable - and possibly very significant," he said.
Callow added that it is possible that the hacking gang made a deliberate decision to forgo the use of their ransomware, or it is also possible that Barts Health detected and successfully blocked the encryption aspect of the attack.
The warning issued by the group raises concerns about the potential exposure of private data belonging to around 2.5 million patients on the dark web.
BlackCat has set a deadline of Monday before they commence publishing the information.
The trust has acknowledged the claims regarding a ransomware attack and has stated that they are currently conducting an investigation into the matter.
BlackCat hackers primarily communicate in Russian, and they have been actively operating since November 2021.
This group is recognised as one of the most advanced malware operators, having reportedly targeted and compromised approximately 200 organisations from November 2021 to September 2022.
It is known for recruiting affiliates through cybercrime forums who effectively rent out their ransomware for hacking companies and organisations.
The attack on Barts Health NHS Trust coincides with recent reports of another cyberattack on the University of Manchester, where the personal information of over a million NHS patients was allegedly compromised.
The university had collected NHS patients' information from over 200 hospitals for medical research purposes, specifically focusing on reports related to major-trauma patients nationwide and the treatment provided to victims of terrorist attacks.
The leaked information is said to include details such as NHS numbers and the first three letters of patients' postcodes.
The University of Manchester disclosed that it had fallen victim to a cyberattack in June. Cybercriminals were able to access the data of both current and former students, including names, contact information, addresses, university IDs and demographic data.
Hackers said they stole seven terabytes of data, including confidential personal information from students and staff, research data, medical data, drug test results, databases, HR documents, finance documents, and more.
The university has not disclosed any details regarding the suspected identity of the threat actors or the specific nature of the attack.