Qilin Ransomware Leaks 400GB of NHS and Patient Data on Telegram


On June 3, 2024, as reported by Hackread.com, attackers launched a targeted ransomware attack against Synnovis, a key outsourced lab service provider for NHS hospitals in South-East London.

The perpetrators, identified as the Qilin ransomware gang, claimed to have stolen a trove of hospital and patient data. The gang then demanded $50 million in ransom, threatening to leak the data otherwise. As a result of failed negotiations, the gang has now publicly leaked the entire dataset they had exfiltrated.

Screenshot from the dark web site of the Qilin ransomware (Screenshot: Hackread.com)

In its updated incident report, the NHS revealed that King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust were the most severely affected NHS Trusts in this incident. Consequently, these trusts were forced to postpone 1,294 outpatient appointments and 320 elective procedures.

According to BBC reports, the ransomware incident severely impacted healthcare operations, affecting more than 3,000 hospital and GP appointments and operations due to disruptions in pathology services.

Hackread.com can confirm that the Qilin ransomware gang utilized Telegram to distribute 400GB of sensitive data stolen from Synnovis. This method differs from the typical approach of ransomware groups, who often use dedicated dark web leak sites or publicize their attacks to pressure and shame victims into paying ransom.

Qilin ransomware on Telegram (Screenshot: Hackread.com)

Expert Commentary

Peter Mackenzie, director of incident response at Sophos, commented on the latest development stating, “Unfortunately, healthcare organizations have been—and will continue to be—a prime target for ransomware attacks because the services they provide are so critical to the communities they serve, and this puts pressure on the targets to get back online as fast as possible.”

“We’ve already seen several high-profile ransomware attacks against hospital systems this past year around the world, and Sophos’ most recent State of Ransomware report found that 63% of UK healthcare organisations were hit by ransomware in the last year (although most were able to stop the attack before the data was encrypted),” said Peter.

“Further complicating matters is the rise in supply chain attacks across industries. They are a preferred method of compromise for a number of criminal groups because, as well as being difficult to defend against, they also have a ripple effect, allowing attackers to infiltrate multiple systems at a time,” he explained. “In fact, IT and cyber professionals working in the UK healthcare sector perceive partners and the supply chain to be their single biggest cybersecurity risk.”

According to Sarah Tedstone of law firm Fieldfisher, a legal expert in the use of data in the health sector, such events are inevitably going to escalate as data becomes more fundamental to patient care and research.

“We are seeing a growing trend in this sector as there is a global push to prioritise the use and sharing of valuable health data to enable innovation in this sector. The pandemic showed that having more and better quality data contributed significantly to collaboration and innovation and we are seeing growth across many sectors including in diagnostic testing, which is contributing to significant health breakthroughs,” she commented.

The data is being analysed, but at this point it is not known whether sensitive information such as blood test results could have been published.

“We have seen from other such incidents how distressing this can be to individuals involved. The disclosure of test results can involve very personal information about the individual but also where genetic or genomic information is involved this can infer information about wider family groups,” Sarah added.

It is also thought that confidential financial agreements between the NHS and Synnovis could be published.

“The consequences of such disclosure could be the loss of valuable commercially sensitive information and affect competition in the market resulting in increased cost for the NHS impeding its ability to obtain cost-effective services,” said Sarah.

“Regulators around the world are expressing their concern at repeated health hacks and consequently there have been in the last few years for the first time criminal sanctions laid against the management team in a European health company criticised for its lack of security and response to an incident,” Sarah warned.

The ransomware attack on Synnovis is already highlighting the consequences for healthcare services, disrupting over 3,000 hospital and GP appointments and operations. This breach not only compromises patient confidentiality but also jeopardizes critical medical procedures. It highlights vulnerabilities in healthcare cybersecurity, necessitating urgent measures to safeguard patient data and ensure uninterrupted medical care in the face of escalating cyber threats.
