Hack in Healthcare: Cybercriminal Gang Publishes Confidential NHS Patient Data

A recent cyberattack on London hospitals has caused massive disruptions in their operations and marked a new chapter in the history of cybercrime in the UK. The cybercriminal gang known as Qilin hacked Synnovis, an NHS supplier specializing in blood tests, and stole confidential patient data.

What Happened?

On Thursday night, Qilin published nearly 400GB of personal information on their darknet site. Since the hack on June 3rd, the gang has been trying to extort money from Synnovis. The stolen data includes patient names, dates of birth, NHS numbers, and descriptions of blood tests. It is not yet known if test results are included in the published data.

Scale of the Consequences

The cyberattack has led to the disruption of over 3,000 hospital and GP appointments and operations. Among those affected is a teenager undergoing cancer treatment. His parents were in a state of "disbelief" when they learned that his operation to remove a tumor on his ribs was delayed.

Expert Reactions

Cybersecurity expert Ciaran Martin called this attack "one of the most significant and harmful cyberattacks in the UK." He noted that it could take several months to restore the systems. Martin, the former head of the National Cyber Security Centre and now a professor at Oxford University, emphasized that Qilin's motives are purely financial, despite their claims of political motives.

Response Measures and Next Steps

NHS England reported that they are aware of the data publication but cannot fully verify its authenticity. Nevertheless, the organization continues to work with Synnovis, the National Cyber Security Centre, and other partners to determine the content of the published files as quickly as possible.

Synnovis, in turn, stated that they take this situation very seriously and have already begun analyzing the leaked data. The ransomware hackers infiltrated the company’s computer systems, encrypting vital information and rendering IT systems useless. They also downloaded a large amount of personal data to further extort the company for a ransom payment in Bitcoin.

Expert Opinions

Brett Callow of Emsisoft noted that cybercriminals are increasingly targeting healthcare organizations, knowing they can cause significant harm and sometimes receive a substantial payout. Cybercriminals go where the money is, and the healthcare sector has become a prime target after United Health Group allegedly paid a $22 million ransom earlier this year.

Preventing Future Cyberattacks

This attack underscores the need to strengthen cybersecurity measures in healthcare. Here are the main steps to prevent similar incidents in the future:

    1. Enhancing IT Security Infrastructure

    • Advanced Firewalls and Intrusion Detection Systems: Implement advanced firewalls and intrusion detection systems to monitor and block unauthorized access attempts.
    • Regular Security Audits: Conduct frequent and thorough security audits to identify and eliminate vulnerabilities in IT infrastructure.
    • Encryption: Ensure that all confidential data is encrypted both in transit and at rest to protect against unauthorized access.

    2. Employee Training and Awareness

    • Regular Training Programs: Conduct regular training sessions for all employees on best cybersecurity practices, including recognizing phishing attacks and other common cyber threats.
    • Phishing Simulations: Conduct phishing attack simulations to test employee responses and strengthen skills.
    • Security Policies: Develop and strictly enforce comprehensive security policies that define acceptable use of IT resources and data protection standards.

    3. Multi-Factor Authentication (MFA)

    • Implementing MFA: Require the use of multi-factor authentication for access to all confidential systems and data. This adds an extra layer of protection beyond passwords.
    • Regular Updates: Ensure regular updates and maintenance of MFA systems to counter new threats.

    4. Data Backup and Recovery

    • Frequent Data Backups: Regularly create backups of all critical data and ensure secure storage and easy access in case recovery is needed.
    • Recovery Plans: Develop and test data recovery plans to minimize downtime and data loss in the event of an attack.

    5. Collaboration with Cybersecurity Experts

    • Consulting Professionals: Regularly engage cybersecurity experts to assess current protection measures and develop improvement strategies.
    • Information Sharing: Actively participate in sharing information about cyber threats with other healthcare organizations and national cybersecurity centers.

    6. Emergency Action Plan

    • Developing a Response Plan: Create and regularly update an action plan for responding to cyberattacks, including specific steps to neutralize threats and restore systems.
    • Drills and Simulations: Periodically conduct drills and simulations of cyberattacks to practice response plans and improve team coordination.

This attack demonstrates how vulnerable healthcare systems are to cyber threats. Law enforcement agencies worldwide regularly urge victims of ransomware not to pay, as it fuels criminal activity and does not guarantee that criminals will keep their promises. It is important to continue improving cybersecurity measures to protect patient data and prevent similar incidents in the future.

This case serves as a reminder of the need for increased attention to cybersecurity in healthcare and other critical sectors. It is essential for organizations and their partners to continuously work on improving their security systems and be prepared for potential threats.
