NHS confirms patient data stolen in cyberattack

25 June 2024 , 11:26
883     0
NHS confirms patient data stolen in cyberattack
NHS confirms patient data stolen in cyberattack

NHS England has confirmed its patient data managed by blood test management organisation Synnovis was stolen in a ransomware attack on 3 June.

Qilin, a Russian cyber-criminal group, shared almost 400GB of private information on their darknet site on Thursday night, something they threatened to do in order to extort money from Synnovis.

In a statement, NHS England said there is "no evidence" that test results have been published, but that "investigations are ongoing".

More than 3,000 hospital and GP appointments were disrupted by the attack.

"Patients should continue to attend their appointments unless they have been told otherwise and should access urgent care as they usually would," NHS England said.

A sample of the stolen data seen by the BBC includes patient names, dates of birth, NHS numbers and descriptions of blood tests, something cyber security expert Ciaran Martin told the BBC was "one of the most significant and harmful cyber attacks ever in the UK."

There are also business account spreadsheets detailing financial arrangements between hospitals and GP services and Synnovis being taken.

The ransomware hackers infiltrated the computer systems of the company, which is used by two NHS trusts in London, and encrypted vital information making IT systems useless.

As is often the case with cyber-criminals, they also downloaded as much private data as they could to further extort the company for a ransom payment in Bitcoin.

It is not known how much money the hackers demanded from Synnovis or if the company entered negotiations. But the fact Qilin has published some, potentially all, of the data means they did not pay.

The cyber-attackers told the BBC on an encrypted messaging service they had deliberately targeted Synnovis as a way to punish the UK for not helping enough in an unspecified war.

In NHS England’s statement it said it "continues to work with Synnovis and the National Crime Agency".

NHS England said it had set up a helpline to support people impacted by the attack and it will continue to share updates, but "investigations of this type are complex and take time".

Editorial Team

Emma Davis

Deputy Editor

Cyber Crime And Hacking, Cyber attacks, Patients, NHS England

Read more similar news:

14.01.2023, 21:29 • News
Patients phoning 111 forced to wait up to 14 hours to speak to a doctor
31.01.2024, 11:05 • News
Are you happy to see a pharmacist instead of a GP? Take poll and have your say
06.02.2024, 15:52 • News
Most prefer to see GP instead of pharmacist in new NHS shake-up - poll results
27.06.2024, 15:42 • News
E.coli outbreak: One person dies and 275 infected from supermarket sandwiches
05.11.2024, 21:29 • News
NHS bosses criticize "rip-off" rates for doctor overtime
02.12.2024, 09:26 • News
Starmer’s NHS plans will turn A&E into a ’war zone,’ bosses warn PM
25.02.2025, 20:33 • News
NHS England Chief Executive Amanda Pritchard is stepping down from her role
26.02.2025, 08:47 • More
Wes Streeting to eliminate thousands of jobs at NHS England following the removal of the chief executive
13.03.2025, 13:24 • News
Keir Starmer abolishes NHS England, reversing Andrew Lansley’s 2012 reorganisation
24.10.2025, 07:27 • News
BMA announces fresh strike action as doctors warn of growing unemployment crisis in NHS