A Million British Medical Patient Records Hacked

Uploaded on 2023-07-18 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Health & Welfare

The UK’s National Health Service (NHS) has disclosed the personal information and other details on over a million patients have been compromised, senior health chiefs have been warned.

This follows a recent ransomware attack on the University of Manchester (UoM) which affected an NHS patient data set that holds information on 1.1 million patients across 200 hospitals. 

Among the details potentially exposed are NHS numbers and the first three letters of patients’ postcodes.  

The information, which includes records of major trauma patients across the country and people treated after terror attacks, was gathered by the university for research purposes. In its warning to health officials, the university said it did not know how many patients were affected or whether names had also been hacked. The university said that some systems were affected or were running slower than normal. The student accommodation system, for instance, was not available as of 23 June.

The data that had been collected by the hacker includes name and contact details, next of kin information, ID numbers, study details, ethnicity, and even disability codes in some cases. An NHS document has shown that the university’s back-up servers were accessed, but it is not known who was behind the attack. 

As a result of the incident, NHS chiefs were warned by UoM that there is “potential for NHS data to be made available in the public domain” and the data set has since been closed. Some patients will not know they are on the database, launched in 2012, as they did not need to give consent to be recorded on it. 

In an unrelated incident on August 5 last year, a separate hack led to the outage of software used to access patient data across NHS 111, a dozen mental health trusts, community hospitals and out-of-hours GP services. The outage lasted weeks and has caused sever safety problems such as patients being prescribed the wrong dose of medication and clinicians being unable to properly assess mentally unwell patients. 

Healthcare is the riskiest industry and this is partly due to the level of connectivity needed for medical services, where sensitive data moves from medical devices and workstations to internal servers, sometimes to external services and then to patients or doctors. 

Head of Security Research at ForescoutDaniel Dos Santos, commented “Besides the data risks, healthcare organisations need to pay attention to the diversity of devices within their environment. Whether it’s an IT, IoT, OT or IoMT device – neglecting its specific needs can serve as an entry point for attackers. Inventorying, assessing the risk and ensuring compliance of these devices are important first steps to guarantee their security, which can then be followed by monitoring the network to detect and respond to threats in real time.”

Between 2022 and 2023, the global healthcare sector saw over 11 million ransomware attempts and over 271 million intrusion attacks, according to research by cyber security company SonicWall. Their research found that encrypted threats had risen by 35% and Internet of Things malware by 33% since the beginning of 2022.

Digital Health:     SonicWall:     Independent:    Verdict:     DataBreaches:   CybersecurityConnnect

You Might Also Read: 

Progress Software Has Critical Hacking Vulnerabilities:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« British Spy Agency Was Hacked 20 Years Ago
A Perfect Storm For Cybercrime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TZ-CERT

TZ-CERT

TZ-CERT is the National Computer Emergence Response Team of Tanzania.

Cybertrust Japan

Cybertrust Japan

Cybertrust Japan provides a comprehensive security certification and digital authentication service, enabling customers to build and manage highly secure IT infrastructures.

Ipsidy

Ipsidy

Our identity platform enables mobile users to more easily authenticate their identity to a mobile phone or portable device of their choosing.

FRSecure

FRSecure

FRSecure is a full-service information security management company that protects sensitive, confidential business information from unauthorized access, disclosure, distribution and destruction.

National Accreditation Authority Hungary (NAH)

National Accreditation Authority Hungary (NAH)

NAH is the national accreditation body for Hungary. The directory of members provides details of organisations offering certification services for ISO 27001.

Recruit.net

Recruit.net

Recruit.net allows job seekers to instantly find millions of jobs from thousands of web sites with a single search.

Cyber Range Malaysia

Cyber Range Malaysia

With Cyber Range Malaysia organizations can train their security professionals in empirically valid cyber war-gaming scenarios necessary to develop IT staff skills and instincts for defensive action.

Cyber Pop-Up

Cyber Pop-Up

Cyber Pop-Up provide on-demand access to top security experts. No recruiting. No onboarding. No overhead costs.

Phakamo Tech

Phakamo Tech

Phakamo Tech offers a full set of governance, risk, compliance, cybersecurity and Microsoft Cloud services that include consulting, planning, implementation and cyber incident response.

DeNexus

DeNexus

DeNexus is the leading provider of cyber risk modeling for industrial networks. Our Mission is to build the Global Standard for Industrial Cyber Risk Quantification.

Prelude

Prelude

Prelude offer the first autonomous platform built to attack, defend and train critical assets through continuous red-teaming.

Verisign

Verisign

Verisign is a Global Leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.

Strivacity

Strivacity

Strivacity lets brands quickly add secure login and identity management capabilities to their customer-facing applications without tying up an army of developers or consultants to do it.

ReachOut Technology

ReachOut Technology

ReachOut is a transformative approach to IT Security, Support, and Guidance. But we’re more than that. We’re passionate IT experts driven to make solutions to your problems.

ERCOM

ERCOM

Ercom, a subsidiary of the Thales Group, is a French company known for its mobility security solutions.

TisOva

TisOva

TisOva is an innovative cybersecurity startup dedicated to addressing the growing issue of online scams targeting students.