A Million British Medical Patient Records Hacked

Uploaded on 2023-07-18 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Health & Welfare

The UK’s National Health Service (NHS) has disclosed the personal information and other details on over a million patients have been compromised, senior health chiefs have been warned.

This follows a recent ransomware attack on the University of Manchester (UoM) which affected an NHS patient data set that holds information on 1.1 million patients across 200 hospitals. 

Among the details potentially exposed are NHS numbers and the first three letters of patients’ postcodes.  

The information, which includes records of major trauma patients across the country and people treated after terror attacks, was gathered by the university for research purposes. In its warning to health officials, the university said it did not know how many patients were affected or whether names had also been hacked. The university said that some systems were affected or were running slower than normal. The student accommodation system, for instance, was not available as of 23 June.

The data that had been collected by the hacker includes name and contact details, next of kin information, ID numbers, study details, ethnicity, and even disability codes in some cases. An NHS document has shown that the university’s back-up servers were accessed, but it is not known who was behind the attack. 

As a result of the incident, NHS chiefs were warned by UoM that there is “potential for NHS data to be made available in the public domain” and the data set has since been closed. Some patients will not know they are on the database, launched in 2012, as they did not need to give consent to be recorded on it. 

In an unrelated incident on August 5 last year, a separate hack led to the outage of software used to access patient data across NHS 111, a dozen mental health trusts, community hospitals and out-of-hours GP services. The outage lasted weeks and has caused sever safety problems such as patients being prescribed the wrong dose of medication and clinicians being unable to properly assess mentally unwell patients. 

Healthcare is the riskiest industry and this is partly due to the level of connectivity needed for medical services, where sensitive data moves from medical devices and workstations to internal servers, sometimes to external services and then to patients or doctors. 

Head of Security Research at ForescoutDaniel Dos Santos, commented “Besides the data risks, healthcare organisations need to pay attention to the diversity of devices within their environment. Whether it’s an IT, IoT, OT or IoMT device – neglecting its specific needs can serve as an entry point for attackers. Inventorying, assessing the risk and ensuring compliance of these devices are important first steps to guarantee their security, which can then be followed by monitoring the network to detect and respond to threats in real time.”

Between 2022 and 2023, the global healthcare sector saw over 11 million ransomware attempts and over 271 million intrusion attacks, according to research by cyber security company SonicWall. Their research found that encrypted threats had risen by 35% and Internet of Things malware by 33% since the beginning of 2022.

Digital Health:     SonicWall:     Independent:    Verdict:     DataBreaches:   CybersecurityConnnect

You Might Also Read: 

Progress Software Has Critical Hacking Vulnerabilities:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« British Spy Agency Was Hacked 20 Years Ago
A Perfect Storm For Cybercrime »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Senetas

Senetas

Senetas is a leading developer and manufacturer of certified high-assurance encryption solutions, dedicated to protecting network transmitted data without compromising performance.

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

Uniscon

Uniscon

Uniscon is a leading provider of cloud security solutions in Europe.

Cybersecurity Credentials Collaborative (C3)

Cybersecurity Credentials Collaborative (C3)

C3 provides a forum for collaboration among vendor-neutral information security and privacy and related IT disciplines certification bodies.

FixMeStick

FixMeStick

FixMeStick is a virus removal device, a USB key that removes malware conventional antivirus software often can’t detect.

Digital Resolve

Digital Resolve

Digital Resolve delivers solutions that help companies maintain trust and confidence through proven and cost-effective fraud-protection and identity intelligence technology.

HCC Embedded

HCC Embedded

HCC’s mission is to ensure that data stored or communicated by an embedded IoT application is secure, safe and reliable.

RIT Global Cybersecurity Institute

RIT Global Cybersecurity Institute

At RIT's Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo is the UK’s largest cloud and cyber security event.

Synamic Technologies

Synamic Technologies

Synamic Technologies was founded in 2018 as a start-up to automate cyber security processes. Our CISOSCOPE product automates vulnerability management, risk management and compliance.

McCrary Institute - Auburn University

McCrary Institute - Auburn University

The McCrary Institute seeks practical solutions to real-world problems in the areas of cyber and critical infrastructure security.

OpenAVN (DefenseArk)

OpenAVN (DefenseArk)

Defending your life online, keeping your data safe and private. We detect digital threats magnitudes faster than the leading antivirus software.

CyberHub

CyberHub

CyberHub is an educational platform that offers professional courses and knowledge sharing through articles and videos to help students discover their potential in cybersecurity.

NetHope

NetHope

NetHope is a membership-based organization serving the international nonprofit humanitarian, development, and conservation sector through digital transformation.

Fusion5

Fusion5

Fusion5 is a leading ANZ Business Services and IT Solutions provider. Our customers trust us to make their potential reality by providing advisory, IT project deployment, and managed services.

Qwiet AI

Qwiet AI

At Qwiet AI we enable you to prevent cyberattacks by securing code from the start. Secure code in three steps.