London hospital hackers release stolen blood test data – BBC News

A gang of cybercriminals who caused major disruption at multiple London hospitals have released sensitive data stolen from an NHS blood testing company.

Overnight on Thursday, Qilin shared nearly 400GB of private information on its darknet site.

The gang has been trying to extort money from NHS provider Synnovis since they raided the company on June 3.

Qilin previously told the BBC that they would release the data unless they were paid.

A sample of the data seen by the BBC includes patient names, dates of birth, NHS numbers and descriptions of blood tests. It is not known whether the test results are also in the data.

There are also transactional invoice spreadsheets outlining the financial arrangements between hospitals and GP services and Synnovis.

NHS England told the BBC it was aware of the disclosure but could not be absolutely sure the data shared was genuine.

It said it had “been made aware that the cybercrime group released data last night that they claim belongs to Synnovis and was stolen as part of this attack.”

“We understand that people may be concerned about this, and we continue to work with Synnovis, the National Cyber ​​Security Center and other partners to determine the content of the published files as soon as possible.”

“This includes whether it is data derived from the Synnovis system and, if so, whether it relates to NHS patients.

Synnovis, meanwhile, said: “We know how worrying this development can be for many people. We take this very seriously and analysis of this data has already begun.”

The Synnovis hack has been one of the UK’s worst ever cyber attacks, with more than 3,000 hospital and GP hours and operations affected by disruptions to pathology services.

The ransomware hackers infiltrated the company’s computer systems used by two NHS trusts in London and encrypted critical information rendering IT systems useless.

As is often the case with these gangs, they also downloaded as much private data as they could to further blackmail the company for a Bitcoin ransom.

It is not known how much money the hackers demanded from Synnovis or whether the company entered into negotiations. But the fact that Qilin has released some, possibly all, of the data means they didn’t pay.

Law enforcement agencies around the world regularly encourage victims of ransomware not to pay, as it fuels the criminal enterprise and does not ensure that the criminals do as they promise.

Ransomware expert Brett Callow of Emsisoft said healthcare organizations were increasingly being targeted as the hackers knew they could do a lot of damage and sometimes get a big payday.

“Cybercriminals go where the money is, and unfortunately, the money is in attacking the healthcare industry.” And with United Health Group reportedly paying a $22m (£17.3m) ransom earlier this year, the sector is more exposed than ever,” he said.

On Tuesday night, Qilin spoke to the BBC about the encrypted messaging service, saying they had deliberately targeted Synnovis as a way of punishing Britain for not helping enough in an undeclared war.

Qilin, which has a long-standing record of extortion attempts, claimed in this case that it had launched a cyberattack as a protest.

“We are very sorry for the people who were affected. Hereby we do not consider ourselves guilty and ask you not to blame us in this situation. Blame your government.”

Qilin’s claims of an activist motive are largely met with skepticism.

On their darknet site, they have leaked stolen data from other healthcare organizations, schools, companies and councils around the world for money.

The gang, believed to be based in Russia, like many ransomware crews, would not say where it was.

It said the British government “does not put a penny on the lives of those fighting on the front lines of the free world”, reminiscent of language used to describe Ukraine’s fight against Russian invasion.

But it could also refer to Russian troops fighting against Ukraine.

The group says it chose to target blood testing company Synnovis, which is used by two NHS trusts in London.

“Our citizens are dying in an unequal battle due to lack of medicine and blood transfusions,” it said.

It would be unusual but not unprecedented for Qilin hackers to be in Ukraine, where many alleged ransomware hackers have been arrested in recent months.

Hackers are rarely arrested in Russia, where the government refuses to cooperate with requests from Western police.

Qilin declined to be more specific about his political allegiance or geography “for security reasons.”