In early June, the QILIN hacker group made a large -scale cyberataka for a private company Synnovis, which provides laboratory services to several large hospitals in London. This led to serious malfunctions in the work of medical facilities.
The other day, hackers unexpectedly stated that their actions were a politically motivated protest. In anonymous correspondence with the BBC, they apologized for the inconvenience caused, but did not admit their guilt openly. According to cybercriminals, the attack was made in revenge of the British government for its actions in unnamed military conflict.
As a result of the incident, seven hospitals controlled by two NHS trains were injured. Medical institutions had to be canceled or postponed almost 1600 operations and outpatient methods, including oncological operations and even organs transplantation.
For a long time, the injured company and investigators did not disclose the details of the investigation. Like it has become known now, hackers penetrated into the Synnovis IT system, encrypted files and required redemption of access recovery. It is worth noting that the total amount of the Trust contracts with Synnovis is an impressive figure – almost 1.1 billion pounds, which emphasizes the importance of the company for the healthcare system.
On one of the messages to exchange, the QILIN group published 104 files, each with a volume of 3.7 GB. The publication is accompanied by the Synnovis logo, a description of the company and a link to its official website. According to BBC, the published data may include patient names, date of birth, NHS number. At the moment, it is not known whether there are results of tests among leaked files.
NHS England assured the public that together with the National Cybersecurity Center and other partners, a thorough analysis of the data is carried out to confirm their origin and content. Representatives of the service emphasized the seriousness of the situation: “We understand how disturbing this development of events for many people can be. We treat it extremely seriously.”
Researchers note that the publication of the stolen data usually indicates the refusal of the victim to pay the required ransom. As a rule, attackers require payment in bitcoins for decoding systems or removing stolen information.
The incident once again demonstrates the need to increase the level of cybersecurity in the medical sector, which is becoming an increasingly attractive target for cybercriminals due to the value of information stored in hospitals and clinics.