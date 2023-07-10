



The UK’s largest NHS Trust has confirmed that it is investigating ransomware incidents as the UK’s public sector battles an ever-increasing wave of cyberattacks.

London-based Barts Health NHS Trust, which operates five hospitals and serves more than 2.5 million patients, was recently added to the dark web leak sites of the ALPHV ransomware gang. The gang, also known as the BlackCat, said they stole 70 terabytes of sensitive data in what they claim is the UK’s largest healthcare data breach.

Samples of allegedly stolen data that TechCrunch saw included employee IDs, including passports and driver’s licenses, as well as internal emails marked confidential.

When questioned by TechCrunch, a Barts Health spokesperson did not dispute that they were affected by the security incident involving the data breach, nor did they dispute the legality of the stolen data samples shared by ALPHV. We are aware of claims of a ransomware attack and are urgently investigating, an unnamed spokesperson told TechCrunch.

ALPHV, which first listed Barts Health on June 30, wrote that the NHS Trust had three days to contact the gang to prevent its data from being released. [sic] confidential documents. At the time of writing, the full archive of the allegedly stolen data has not been published.

This is the second breach of NHS data in recent weeks. As first reported by The Independent, a June ransomware attack on the University of Manchester in England saw hackers access an NHS data set holding information on 1.1 million patients in 200 hospitals. According to the report, compromised data collected by the university for research purposes included the first three letters of the NHS number and patient zip code.

When asked by TechCrunch, Manchester University spokesman Ben Robinson declined to comment on the reported NHS data theft, but confirmed the university had experienced a security incident that led to data exfiltration from its systems.

We accessed our systems on June 23rd and confirmed that student and alumni data had been copied. Robinson said the individual was informed about this cyber incident and offered support and advice to further protect their data. Our in-house data experts and external support team are working around the clock to resolve this incident and respond to its impact and cannot comment further at this stage.

The UK’s cybersecurity agency, the National Cyber ​​Security Centre, is investigating the case. NHS England declined to comment.

cyberattack aftermath

The UK’s public sector has been battling a wave of cyberattacks in recent months.

UK telecommunications regulator Ofcom recently confirmed that the Clop ransomware gang was among the organizations victimized by the University of the West of Scotland (UWS) for mass exploitation of a security flaw in Progress Softwares MOVEit Transfer managed file transfer service. ) confirmed to be experiencing an ongoing cyber incident, but with more details.

One of the largest cyber incidents affecting the UK public sector was caused by a May ransomware attack on Capita, a UK outsourcing giant that provides critical services to the UK government.

As a result of the alleged attacks by the Black Basta ransomware group, more than 90 organizations reported personal information leaks. This included the UK’s largest private pension provider, the Universities Superannuation Scheme (USS), which said the personal information of nearly 500,000 members was held on servers accessed during the breach.

Last week, Capita confirmed that its own pension fund was also affected by the cyberattack. In a letter shared with The Times, Capita told its employees three months after the breach that it “has identified evidence that the following personal data relating to you is within data that has been compromised and/or copied from Capita’s systems.”

When asked by TechCrunch, Capita did not dispute the report, but did not say how many of its 61,000 employees were affected or what types of data it had access to.

A Capita spokesperson, speaking on condition of anonymity, told TechCrunch that Capita was working closely with professional advisors and forensic experts to investigate the case and that it had taken extensive steps to recover and protect the data. This is a complex investigation and the process is ongoing. We continue to inform those affected.

Just days after news of the Capita leak broke, TechCrunch reported that the company had suffered a second security incident after discovering that Capita had exposed a lot of data online over a seven-year period. Capita told TechCrunch that the unsecured Amazon-hosted storage buckets, which contain approximately 3,000 files totaling 655 GB in size, contain information such as release notes and user guides that are regularly published alongside software releases in accordance with standard industry practice.

However, many UK parliamentarians have since confirmed that the incident exposed residents’ sensitive data to the public internet.

