Lulzsec Hackers Warn NHS Over Security

The hacker group Lulzsec has fired a warning shot across the bows of the NHS over its network security

The NHS is the latest target of hacker group Lulzsec, which said on its Twitter page that it had filched administrative passwords belonging to the health service’s networks.

The group said it emailed the NHS about the security weakness that had allowed the seizure of the passwords.

Pirate-ninjas

“We’re now emailing NHS and informing them of those admin passwords we took months ago,” Lulzsec said in its Twitter posting.

Lulzsec's twitter avatar

The group also posted a picture of an email sent to the NHS, in which it said: “Greetings… we’re a somewhat known band of pirate-ninjas that go by LulzSec. Some time ago, we were traversing the Internet for signs of enemy fleets. While you aren’t considered an enemy – your work is of course brilliant – we did stumble upon several of your admin passwords… We mean you no harm and only want to help you fix your tech issues.”

The NHS has downplayed the incident.

“This is a local issue affecting a very small number of website administrators,” a Department of Health spokesperson told the BBC. “No patient information has been compromised. No national NHS information systems have been affected. The Department has issued guidance to the local NHS about how to protect and secure all their information assets.”

Other recent Lulzsec targets include Nintendo and Sony.

Personal details

The group first made headlines in May when it published a database of more than 70,000 American X Factor contestants’ personal details, including dates of birth and phone numbers.

The incident raises fresh concerns about the security of digital NHS patient data. Last year the Information Commissioner’s Office (ICO) said the NHS had been responsible for almost one-third of all recorded data breaches in the UK over the previous three years.