This is much more than just a simple update, it is a major development in the Synnovis hack case.
Records on 300m patient interactions with NHS stolen in Russian hack
Exclusive: health service scrambling to set up helpline after Qilin gang put stolen data into public domain overnight
Russian hackers have stolen records covering 300m patient interactions with the NHS, including the results of blood tests for HIV and cancer, the Guardian can reveal.
The amount and sensitive nature of the data obtained by the Qilin hacking gang has caused alarm among NHS bosses, who are scrambling to set up a helpline to deal with inquiries from what could be a large number of worried patients and also health service staff.
Seven hospitals run by two NHS trusts were affected by the attack, which targeted Synnovis, a private/NHS joint venture that provides pathology services such as blood tests and transfusions. It is unclear at this stage if the hack involves only hospitals in the trusts or is more widespread.
The NHS’s anxiety about the impact of the attack increased on Friday after Qilin acted overnight on a threat to put stolen NHS data into the public domain, an indication that Synnovis has refused to pay a reported $50m (£40m) ransom.
It is as yet unclear exactly what data, or how much of the haul, the ransomware group has made public. But the stolen data includes details of the results of blood tests conducted on patients having many types of surgery, including organ transplants, or suspected of having a sexually transmitted infection, or who have had a blood transfusion, well-placed sources have disclosed.
In a development that will cause anxiety among patients who have received private healthcare in recent years, Qilin’s haul is understood to include records of tests that people have had at multiple private healthcare providers. It is not clear which private healthcare firms Synnovis – a joint venture between the pathology firm Synlab and two major London acute hospital trusts – works for.
The number of test results in the data that Qilin seized in the hack on 3 June is so huge because it covers tests that patients have had going back a significant number of years, sources say.
The article continues here:
theguardian.com/society/art...
A possibly more technical view at TheRegister:
Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals
Cybercriminals claim they used a zero-day to breach pathology provider’s systems
Connor Jones
Thu 20 Jun 2024 // 10:29 UTC
Interview The ransomware gang responsible for a healthcare crisis at London hospitals says it has no regrets about its cyberattack, which was entirely deliberate, it told The Register in an interview.
Qilin says Synnovis, a partnership between pathology services company Synlab and two London NHS Trusts, wasn't targeted by accident. Asked if it knew a healthcare crisis in the UK capital would ensue as a result of its attack on that organization, should they be successful, a spokesperson for the group said: "Yes, we knew that. That was our goal."
Rest of article here:
theregister.com/2024/06/20/...
Despite the seriousness, my sarcastic side can't help but contrast the lack of access many of us have to our health records with the ability of the Russian hackers to access and publish them.
