Gang leaks NHS patient data on the dark web - updated

400GB of names, NHS numbers and blood test details spilled by Qilin


Ransomware gang Qilin has published sensitive patient data stolen from NHS blood testing supplier Synnovis during a cyber attack two weeks ago.

According to the BBC, the gang published almost 400GB of data on the dark web and shared it via its Telegram channel. The leaked data includes patients' names, dates of birth, NHS numbers and details of blood tests, as well as business financial accounts belonging to Synnovis.

Qilin launched a ransomware attack against Synnovis on 3rd June, locking its IT systems.

Synnovis, a partnership between European firm Synlab, Guy's and St Thomas' Foundation Trust (GSTT) and King's College Trust, is responsible for blood tests, swabs, bowel tests and other crucial services for hospitals across six London boroughs.

"We know how worrying this development may be for many people," Synnovis said in a post on its website on Friday.

"An analysis of this data is already underway. This analysis, run in conjunction with the NHS, the National Cyber Security Centre and other partners, aims to confirm whether the data was taken from Synnovis' systems and what information it contains."

The attack has already led to the cancellation of hundreds of operations and GP and outpatient appointments, particularly in NHS services within the hospitals of its two Trust partners and the South London and Maudsley NHS Foundation Trust, as well as GP services across Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth, according to Synnovis.

Qilin, a ransomware-as-a-service gang thought to be based in Russia, claimed to have carried out the cyberattack as a protest against the UK for its lack of help in an unnamed conflict, telling the BBC: "Our citizens are dying in unequal combat from a lack of medicines and donor blood."

However, in its two-year history of attacks the group has been motivated by financial gain, so such claims should be treated with a pinch of salt. It has reportedly demanded a ransom payment of £50 million from Synnovis.

Qilin's previous victims include French company Robert Bernard, Australian IT consultancy Dialog, the Victoria Court in Australia and The Big Issue publication.

Update 21st June, 15:00

The Guardian reports that the stolen data published by Qilin contains details of 300 million patient interactions with the NHS and includes results of blood tests for HIV and cancer.