A cybercriminal gang known as Qilin has released nearly 400GB of sensitive data stolen from Synnovis, an NHS blood testing company, following a ransomware attack earlier this month.
The data, which includes patient names, dates of birth, NHS numbers, and descriptions of blood tests, was shared overnight on Thursday on the gang’s darknet site and Telegram channel. This attack has caused significant disruption to multiple hospitals in London.
Qilin, a notorious ransomware group, infiltrated Synnovis’ computer systems on June 3, encrypting vital information and rendering the IT systems useless. Despite attempts to extort money from Synnovis, the gang followed through on their threat to publish the data when their demands were not met.
It remains unclear how much ransom was demanded or whether Synnovis attempted any negotiations. The fact that the data has been published suggests that no ransom was paid. NHS England has acknowledged the breach but stated that they cannot be completely sure that the shared data is genuine.
“We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre, and other partners to determine the content of the published files as quickly as possible,” NHS England said in a statement.
Synnovis has expressed serious concern over the breach. “We know how worrying this development may be for many people. We are taking it very seriously and an analysis of this data is already underway,” the company stated.
The attack has been described as one of the worst cyber-attacks ever in the UK, affecting more than 1,000 hospital and GP appointments and operations due to the disruption of pathology services.
Ransomware attacks on healthcare organizations have been increasing as cybercriminals target sectors where they can cause maximum harm and potentially secure large payouts.
Brett Callow, a ransomware expert from Emsisoft, explained, “Cybercriminals go where the money is, and, unfortunately, the money is in attacking the healthcare sector. And since UnitedHealth Group reportedly paid a $22 million ransom earlier this year, the sector is more squarely in the crosshairs than ever before.”
Qilin claimed to have targeted Synnovis as a protest against the UK government’s insufficient assistance in an unspecified conflict. In an encrypted message to the BBC on Tuesday night, the group stated, “We are very sorry for the people who suffered because of it. Herewith, we don’t consider ourselves guilty, and we ask you don’t blame us in this situation. Blame your government.”
However, these claims have been met with skepticism, given Qilin’s history of financially motivated attacks on various global entities, including healthcare organizations, schools, companies, and councils.
Qilin’s motivations and geographical base remain unclear. The group’s rhetoric suggests a connection to the ongoing conflict between Ukraine and Russia, criticizing the UK government for not supporting those “on the front edge of the free world.”
Yet, it is also possible that their comments refer to Russian troops in Ukraine. The gang refused to disclose their political allegiance or location for “security reasons.”
Researchers have indicated that Qilin has previously advertised for hackers to join their ranks on Russian platforms.
While it is rare for ransomware hackers to be arrested in Russia due to the lack of cooperation with Western law enforcement, recent months have seen many alleged ransomware hackers arrested in Ukraine. Qilin’s refusal to specify their location leaves their exact origins ambiguous.
The attack on Synnovis has highlighted the critical vulnerabilities within healthcare IT infrastructure and the dire consequences of such breaches. Law enforcement agencies worldwide continue to urge organizations not to pay ransoms, as doing so fuels the criminal enterprise and offers no guarantee of data recovery or privacy.
As investigations into the breach continue, NHS England and Synnovis are working to assess the full extent of the data leak and its implications for affected patients. The National Cyber Security Centre is involved in efforts to mitigate the damage and prevent further attacks.
This incident serves as a stark reminder of the growing threat posed by cybercriminals and the need for robust cybersecurity measures in protecting sensitive information, particularly within critical sectors like healthcare.
The healthcare sector’s increasing digitalization makes it an attractive target for cybercriminals, underscoring the importance of continued vigilance and investment in cybersecurity defenses.
This article was created using automation technology and was thoroughly edited and fact-checked by one of our editorial staff members.