A Million British Medical Patient Records Hacked

The UK’s National Health Service (NHS) has disclosed the personal information and other details on over a million patients have been compromised, senior health chiefs have been warned.

This follows a recent ransomware attack on the University of Manchester (UoM) which affected an NHS patient data set that holds information on 1.1 million patients across 200 hospitals. 

Among the details potentially exposed are NHS numbers and the first three letters of patients’ postcodes.  

The information, which includes records of major trauma patients across the country and people treated after terror attacks, was gathered by the university for research purposes. In its warning to health officials, the university said it did not know how many patients were affected or whether names had also been hacked. The university said that some systems were affected or were running slower than normal. The student accommodation system, for instance, was not available as of 23 June.

The data that had been collected by the hacker includes name and contact details, next of kin information, ID numbers, study details, ethnicity, and even disability codes in some cases. An NHS document has shown that the university’s back-up servers were accessed, but it is not known who was behind the attack. 

As a result of the incident, NHS chiefs were warned by UoM that there is “potential for NHS data to be made available in the public domain” and the data set has since been closed. Some patients will not know they are on the database, launched in 2012, as they did not need to give consent to be recorded on it. 

In an unrelated incident on August 5 last year, a separate hack led to the outage of software used to access patient data across NHS 111, a dozen mental health trusts, community hospitals and out-of-hours GP services. The outage lasted weeks and has caused sever safety problems such as patients being prescribed the wrong dose of medication and clinicians being unable to properly assess mentally unwell patients. 

Healthcare is the riskiest industry and this is partly due to the level of connectivity needed for medical services, where sensitive data moves from medical devices and workstations to internal servers, sometimes to external services and then to patients or doctors. 

Head of Security Research at ForescoutDaniel Dos Santos, commented “Besides the data risks, healthcare organisations need to pay attention to the diversity of devices within their environment. Whether it’s an IT, IoT, OT or IoMT device – neglecting its specific needs can serve as an entry point for attackers. Inventorying, assessing the risk and ensuring compliance of these devices are important first steps to guarantee their security, which can then be followed by monitoring the network to detect and respond to threats in real time.”

Between 2022 and 2023, the global healthcare sector saw over 11 million ransomware attempts and over 271 million intrusion attacks, according to research by cyber security company SonicWall. Their research found that encrypted threats had risen by 35% and Internet of Things malware by 33% since the beginning of 2022.

Digital Health:     SonicWall:     Independent:    Verdict:     DataBreaches:   CybersecurityConnnect

You Might Also Read: 

Progress Software Has Critical Hacking Vulnerabilities:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« British Spy Agency Was Hacked 20 Years Ago
A Perfect Storm For Cybercrime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Prosperon Networks

Prosperon Networks

Prosperon Networks support SMB to Enterprise networks through the provisioning of network monitoring software, customisation, consultancy and installation.

Palo Alto Networks

Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate.

Cyber Security Specialists

Cyber Security Specialists

Cyber Security Specialists Limited provide Security services across a wide range of markets, from multi-national Corporate Organisations and Government Agencies, through to smaller Businesses.

UKAS

UKAS

UKAS is the national accreditation body for the UK. The directory of members provides details of organisations offering certification services for ISO 27001.

GlassSquid

GlassSquid

glasssquid.io simplifies your cyber security job search. We want to help you find your next perfect fit opportunity by removing the confusion.

Empiric

Empiric

Empiric is a multi-award winning technology and transformation recruitment agency specialising in data, digital, cloud and security.

Global EPIC

Global EPIC

Global EPIC is an international cybersecurity initiative designed to combat growing world challenges by facilitating global collaboration in the field of cyber security.

Jobsite

Jobsite

Jobsite is an award winning job board in the UK providing job listings in the key sectors of IT, Engineering and Finance.

SafeGuard Cyber

SafeGuard Cyber

The SafeGuard Cyber SaaS platform empowers enterprises to adopt the social and digital channels they need to reach customers, while reducing digital risk and staying secure and compliant.

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance (TCA)

Trusted Connectivity Alliance is a global, non-profit industry association which is working to enable a secure connected future.

Research Institute in Secure Hardware and Embedded Systems (RISE)

Research Institute in Secure Hardware and Embedded Systems (RISE)

The UK Research Institute in Secure Hardware and Embedded Systems (RISE) seeks to identify and address key issues that underpin our understanding of Hardware Security.

Theta432

Theta432

THETA432 is a cybersecurity firm that provides 24/7/365 managed prevention, detection, response, Hybrid SOC, cyber defense monitoring services with dynamically defined defense (3D™).

Anametric

Anametric

Anametric is developing new technologies and devices for chip scale quantum photonics, with a focus on cybersecurity.

Akamai Technologies

Akamai Technologies

Akamai's leading security, compute, and delivery solutions are helping global companies make life better for billions of people, billions of times a day.

V2X

V2X

V2X delivers IT support, networking, and cybersecurity solutions that ensure optimal mission support and performance.

Aim Security

Aim Security

Aim empowers enterprises to unlock the full potential of GenAI technology without compromising security. GenAI makes business better - Aim makes GenAI secure.