Article by: Henry Bodkin
Non-paywall url: https://archive.ph/fF0zf
Full text below:
———–
Intelligence officials are investigating a potential Russian cyber attack on an NHS trust with 2.5 million patients.
A notorious ransomware gang has claimed to have stolen huge quantities of sensitive data from Barts Health NHS Trust and given a deadline of Monday before it starts publishing the information.
BlackCat, also known as ALPHV, claimed on Friday to have gained access to employees’ personal data, such as CVs, as well as financial information including credit card details.
It also said it had “citizens’ confidential documents”.
It is unclear whether this refers to patient information, or if the group has successfully hacked the trust.
However, it raises the prospect of those among Barts’ approximately 2.5 million patient population having their private data released on the dark web.
On Friday the trust, which includes six hospitals and ten clinics in East London, said it was “urgently investigating” the claims.
The Telegraph understands that The National Cyber Security Centre, part of GCHQ, is also investigating.
Ransomware attacks use software to either steal or deny the owner access to digital information.
Attackers will sometimes encrypt the files and demand payment in return for a decryption key.
In 2017 the NHS was badly hit by the massive global “Wannacry” ransomware attack, which brought the health service to a standstill for several days, forcing the frantic relocation of critical patients from stricken hospitals.
BlackCat said it had copied 7 terabytes of data, equivalent to the information that could be stored on more than 10,000 CDs.
However, the gang did not mention an encryption key.
Experts suggested this could indicate that the gang has not encrypted the information and is hoping for a rapid payout by the Trust, which is an increasingly common tactic.
It comes in the same week that details of more than a million NHS patients were reportedly compromised in a cyberattack on the University of Manchester.
The information included records of major trauma patients across the country, including those who had been treated after terror attacks.
It had been gathered by the university for research purposes.
BlackCat was first detected in 2021 and is regarded as one of the most sophisticated malwares, with those behind it reportedly compromising roughly 200 organisations between November 2021 and September 2022.
The gang is known to seek to extort their victims in multiple ways, such as making individual ransom demands for the decryption of infected files, for not publishing stolen data, and for not launching a denial of service attack.
Jon DiMaggio, chief security strategist at Analyst1, explained how the criminal group might exploit the data if they have successfully stolen it.
“It’s unfortunate, but what they will do is repurpose that data for identity theft for financial purposes,” he told Tech Monitor.
“They’re going to want to use it for obtaining new lines of credit, credit cards, loans.
“There are all sorts of financial scams they can do with it.”
A spokesman for Barts Health NHS Trust said: “We are aware of claims of a ransomware attack and are urgently investigating.”
—–
Also:
– https://finance.yahoo.com/news/hacking-gang-blackcat-says-stole-152048082.html
– For the security researchers out there, you can go to the Alphv leak website and confirm that Barts Health NHS Trust is on there. Added this morning.
Again underfunding and lack of understanding of the IT role in NHS is showing how susceptible it is to outside malicious interference.
But don’t worry, most of the country’s infrastructure is running Windows 98, ME and XP, I’m sure that can’t go wrong…
Let’s send double the amount of stormshadows. Let’s increase our assistance.
For every instance, every crime, every single injustice let’s donate more and more of our advanced toys and the training to get the most out of these gifts.
Let’s not forget these orcs launched chemical/ biological weapons on our soil.
Does that mean the Russians now know about my ingrowing toenail I had removed last year?
NHS.net isn’t even hosted in the UK so yeh I’m sure this is true
Reading their text, this seems like BS and a generic text copy and pasted that’s targeted at US companies. A few giveaways
SSNs – we don’t have these in the UK
CVs – all job applications are sent through Trac to the NHS. We don’t receive CVs.
DLs and IDs – Not generally kept on file but it’s possible.
Loans Data – huh?
Then it talks about client information, we don’t have clients, and claims to have their credit card information… I mean I shouldn’t have to explain this right…