Alphv Extorts Money from British Healthcare System

The group of cybercriminals known as Alphv or Blackcat has claimed to have hacked one of the largest hospital groups in Great Britain and is threatening to publish its confidential data.

In a statement released on Friday, Alphv announced that it had obtained seven terabytes of internal documents from Barts Health NHS Trust, which oversees five hospitals in London, providing healthcare services to approximately 2.5 million people, according to information from the TRUST website.

Alphv employs ransomware, a type of extortion software that encrypts victims’ computers, rendering them unusable. The group then demands a ransom to unlock the computers and threatens to release the stolen data. However, some hacker groups have started to forgo the extortion code, opting instead to steal data and threaten to publish it if their demands are not met.

It remains uncertain whether Alphv employed its extortion code on the computers of St. Bartholomew’s, The Royal London, Mile End, Whipps Cross, and Newham hospitals in London.

A spokesperson for Barts Health stated, “We are aware of the claims of an extortion attack and are conducting an urgent investigation.”

Brett Callow, a cyberosis analyst at cybersecurity company EMSISOFT, suggested that initial indications suggest that the group did not encrypt the data. He stated, “If the extortion code had been used, the breaches would likely be noticeable and potentially quite serious.” Callow speculated that the group may have chosen not to encrypt the data or that Barts Health had detected and halted part of the attack.

Alphv has published a selection of files that it claims to have stolen from Barts Health. These files include copies of driver’s licenses, passports, internal emails, and correspondence marked as “Confidential.” On their Dark Network page, the hackers described the Barts Health data breach as the “largest leak from the healthcare system in the UK.”

According to a report published last year by researchers from cybersecurity teams at Palo Alto Networks Inc, known as Unit 42, Alphv hackers communicate in Russian and have been active since November 2021. They have targeted companies from various industries, including construction, engineering, retail, transportation, commercial services, insurance, telecommunications, and pharmaceuticals. The Group 42 report also revealed that Alphv engages “partners” on cybercrime forums who rent their extortion code for hacking purposes.

Previously, the group claimed responsibility for compromising the fuel