UK Hospital Hackers Claim to Publish Stolen NHS Data

Ashleigh Furlong, Bloomberg News

St Thomas' Hospital in London. , Photographer: Belinda Jiao/Getty Images

(Bloomberg) -- The cyber criminals taking credit for the hack on London hospitals earlier this month have published what they claim is stolen data from the attack.

England’s National Health Service said in a statement Friday it was aware that data was leaked overnight, with the hackers claiming it belongs to Synnovis, the pathology provider hit in the June 3 hack.

“We are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible,” said the NHS in a statement. “This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients.”

The hackers claiming responsibility published more than 380 gigabytes of data to their channel on messaging app Telegram overnight, Bloomberg News confirmed.

The health service warned that it would take “weeks if not longer” to verify what the leaked files contain, in a further update on Friday.

The data includes patient names, dates of birth, NHS numbers, descriptions of blood tests and financial spreadsheets, according to the BBC.

News that patient data may be in the public domain suggests that Qilin, the Russian-speaking group taking credit for the hack, has not successfully negotiated the $50 million ransom it demanded from Synnovis. It will also further strain the UK’s already overwhelmed health system, which continues to experience significant disruption from the hack and will be under pressure to inform patients if their data has leaked.

The NHS has set up helpline to answer questions and warned patients to be on their guard for scammers.

The attack is being investigated by law enforcement agencies as well as the UK’s data watchdog, the Information Commissioners Office.

Synnovis is a partnership between Synlab UK & Ireland and two publicly funded NHS trusts – Guy’s and St Thomas’ NHS Foundation Trust and the King’s College Hospital NHS Foundation Trust — and provides lab testing services to hospitals and primary care services in London and Kent. Its blood transfusion and blood testing capabilities have been directly impacted since the hack.

Synnovis has given its employees, who remain locked out of the company’s IT systems, access to a web-scanning tool provided by Experian that will notify them of any fraudulent activity using their personal details, according to people familiar with the matter, who asked not to be identified when discussing nonpublic information.

A Synnovis spokesperson declined to comment.

More than 1,000 operations and more than 2,000 appointments were postponed at the two hospital units affected by the attack. The NHS also said that some blood samples not processed before the attack will need to be discarded and redone.

--With assistance from Ryan Gallagher.

(Updates with further details from fifth paragraph)