Sensitive data from a ransomware attack on an NHS provider has allegedly been published online by a cyber criminal group, NHS England said.
Synnovis, which provides pathology services on blood tests, primarily in south-east London, was the victim of a cyber attack – understood to be carried out by Russian group Qilin – on June 3.
Hundreds of operations and appointments are still being cancelled two weeks after the incident.
According to the BBC, the cyber criminal group shared almost 400GB of data – including patient names, dates of birth, NHS numbers and descriptions of blood tests – on their darknet site and Telegram channel. It is not known if test results are also in the data.
More than 1,130 planned operations and 2,190 outpatient appointments have been postponed at LLondon hospitals, with the King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust hit the hardest.
The Independent previously revealed that thousands of blood test samples were set to be destroyed as a result of the cyberattack, with GP practices in London only able to complete 400 tests out of 10,000 a day.
NHS England has now committed to publishing weekly data on the impact of the cyber attack, after admitting it will take months for hospitals to fully recover from its impact.
In a statement on Friday morning, NHS England said: “NHS England has been made aware that the cyber criminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack.
“We understand that people may be concerned by this and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible.
“This includes whether it is data extracted from the Synnovis system, and if so whether it relates to NHS patients.
“As more information becomes available through Synnovis’ full investigation, the NHS will continue to update patients and the public.”
More follows on this breaking news story
