Threat Actor: Qilin Ransomware
Victim: Synnovis
Price: Not disclosed
Exfiltrated Data Type: Personal and medical information
Key Points:
- The ransomware attack occurred in June and disrupted operations at several NHS hospitals in London.
- Over 900,000 individuals had their personal information published online following the attack.
- The leaked data included sensitive medical information, such as histology tests and clinical analysis results.
- Data released by Qilin contained patient names, dates of birth, NHS numbers, and personal contact details.
- Synnovis is a partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust.
- In August, Synnovis obtained a preliminary injunction against the Qilin ransomware group to prevent further data publication.
- Following the injunction, Telegram blocked the channel used by the Qilin ransomware gang to leak the stolen data.
The personal information of a million individuals was published online following a ransomware attack that in June disrupted NHS hospitals in London.
In June, a ransomware attack on pathology and diagnostic services provider Synnovis severely impacted operations at several major NHS hospitals in London. The attack forced the impacted hospitals to cancel some healthcare procedures, and in some cases patients were redirected to other hospitals.
Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical testing and diagnostics.
In a post published on its website, Synnovis disclosed it was the victim of a ransomware attack.
CaseMatrix researchers told Recorded Future News that personal information of a million individuals was published online following the June ransomware attack.
“People with symptoms of sensitive medical conditions, including cancer and sexually transmitted infections, are among almost a million individuals who had their personal information published online following a ransomware attack that disrupted NHS hospitals in London earlier this year, according to an analysis shared with Recorded Future News.” reported Recorded Future News.
CaseMatrix is the only firm that has assessed the number of individuals impacted by the security breach. The company reported that over 900,000 individuals were affected.
NHS England and Synnovis have not provided official counts or details on the compromised data.
In June, the Qilin ransomware gang published the stolen data on its Tor leak site.
CaseMatrix reported that the dataset released by Qilin contained 1.29 million entities, including duplicates. The company also acknowledged a 2-3% error rate.
The leaked data includes sensitive information such as patients’ histology tests and clinical analysis results.
The leaked data includes patient names, dates of birth, NHS numbers, and in some cases, personal contact details. It also includes pathology and histology forms, which often describe symptoms of intimate and private medical conditions shared between medical departments and institutions.
“We are not in a position to comment on or confirm the validity or accuracy of analysis carried out by other parties, nor can we verify whether the data examined by these parties is in fact related to this incident.” reads a statement published by Synnovis.
In August, Synnovis obtained a preliminary injunction from the English High Court against the Qilin ransomware group, Telegram, and a leak site to prevent the publication of stolen data. Such injunctions are hard to enforce because defendants are often in unreachable jurisdictions, but they allow victims to notify platforms like Telegram and ISPs to remove the stolen data.
In this case, following the injunction, Telegram blocked the channel used by the Qilin ransomware gang to leak the data stolen from the victims.
Synnovis said the action aimed to reassure patients and employees and limit the misuse of the stolen information.
(SecurityAffairs – hacking, ransomware)