Russian Hackers Of London Hospitals Publish Patient Data

The criminals behind the disruptive ransomware attack that impacted a number of London hospitals, has now published the patient data they stole.

Earlier this month major London hospitals had to cancel operations and blood transfusions after an outside supplier was hit by a cyberattack on 3 June that resulted in the hospitals declaring a “critical incident”.

The issue began after a ransomware attack on a private pathology and diagnostic services provider called Synnovis, that analyses blood tests for these hospitals. It confirmed the cyberattack had resulted in interruptions to many of its pathology services to London hospitals.

Russian hackers

The former and founding head of the National Cyber Security Centre (NCSC), Ciaran Martin, said at the time that the Russian criminal gang Qilin was behind the ransomware attack that impacted seven hospitals run by two NHS trusts.

The seven hospitals concerned included Guy’s, St Thomas’ and King’s College as well as the Evelina children’s hospital, Royal Brompton and Harefield specialist heart and lung hospitals and also the Princess Royal hospital in Orpington.

These hospitals suffered serious disruption to their services and had to cancel 1,600 operations and outpatient appointments, and were unable to carry out blood transfusions.

Indeed, so serious was this issue that the NHS this week was forced to call for donations of O-type blood.

O-type blood is known as the universal blood type and is safe to use for all patients.

It is used in emergencies or when a patient’s blood type is unknown.

UK support for Ukraine

Earlier this week the Russian criminal gang Qilin spoke to the BBC on the encrypted chat service qTox, in an attempt to justify the attack as a form of geopolitical protest.

Qilin reportedly claimed it had carried out a cyber-attack as revenge for the UK government’s actions in an undisclosed war.

The UK was one of the first countries to support Ukraine in its fight against Russia’s illegal invasion of its territory.

Patient data published

But now Qilin has gone one step further, and after its demands for £40m ransom were not met, it published 400GB of the private information stolen from Synnovis on their darknet site, various media outlets have reported.

A sample of the data seen by the BBC includes patient names, dates of birth, NHS numbers and descriptions of blood tests. It is not known if test results are also in the data.

There are also business account spreadsheets detailing financial arrangements between hospitals and GP services and Synnovis.

Other media outlets have reported that Qilin has claimed that it stole over 1TB worth of Synnovis’ data.