A Million British Medical Patient Records Hacked

The UK’s National Health Service (NHS) has disclosed the personal information and other details on over a million patients have been compromised, senior health chiefs have been warned.

This follows a recent ransomware attack on the University of Manchester (UoM) which affected an NHS patient data set that holds information on 1.1 million patients across 200 hospitals. 

Among the details potentially exposed are NHS numbers and the first three letters of patients’ postcodes.  

The information, which includes records of major trauma patients across the country and people treated after terror attacks, was gathered by the university for research purposes. In its warning to health officials, the university said it did not know how many patients were affected or whether names had also been hacked. The university said that some systems were affected or were running slower than normal. The student accommodation system, for instance, was not available as of 23 June.

The data that had been collected by the hacker includes name and contact details, next of kin information, ID numbers, study details, ethnicity, and even disability codes in some cases. An NHS document has shown that the university’s back-up servers were accessed, but it is not known who was behind the attack. 

As a result of the incident, NHS chiefs were warned by UoM that there is “potential for NHS data to be made available in the public domain” and the data set has since been closed. Some patients will not know they are on the database, launched in 2012, as they did not need to give consent to be recorded on it. 

In an unrelated incident on August 5 last year, a separate hack led to the outage of software used to access patient data across NHS 111, a dozen mental health trusts, community hospitals and out-of-hours GP services. The outage lasted weeks and has caused sever safety problems such as patients being prescribed the wrong dose of medication and clinicians being unable to properly assess mentally unwell patients. 

Healthcare is the riskiest industry and this is partly due to the level of connectivity needed for medical services, where sensitive data moves from medical devices and workstations to internal servers, sometimes to external services and then to patients or doctors. 

Head of Security Research at ForescoutDaniel Dos Santos, commented “Besides the data risks, healthcare organisations need to pay attention to the diversity of devices within their environment. Whether it’s an IT, IoT, OT or IoMT device – neglecting its specific needs can serve as an entry point for attackers. Inventorying, assessing the risk and ensuring compliance of these devices are important first steps to guarantee their security, which can then be followed by monitoring the network to detect and respond to threats in real time.”

Between 2022 and 2023, the global healthcare sector saw over 11 million ransomware attempts and over 271 million intrusion attacks, according to research by cyber security company SonicWall. Their research found that encrypted threats had risen by 35% and Internet of Things malware by 33% since the beginning of 2022.

Digital Health:     SonicWall:     Independent:    Verdict:     DataBreaches:   CybersecurityConnnect

You Might Also Read: 

Progress Software Has Critical Hacking Vulnerabilities:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« British Spy Agency Was Hacked 20 Years Ago
A Perfect Storm For Cybercrime »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Business Intelligence Associates (BIA)

Business Intelligence Associates (BIA)

BIA's TotalDiscovery is a defensible and cost-effective corporate preservation and legal compliance software solution.

IoT European Research Cluster (IERC)

IoT European Research Cluster (IERC)

IERC brings together EU-funded projects with the aim of defining a common vision for IoT technology and development research challenges.

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER)

Department of Energy - Cybersecurity, Energy Security, and Emergency Response (CESER)

The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) addresses the emerging threats of tomorrow while protecting the reliable flow of energy to Americans today.

GMV

GMV

GMV is a technological business group offering solutions, services and products in diverse sectors including Intelligent Transportation Systems, Cybersecurity, Telecoms and IT.

M2SYS

M2SYS

M2SYS is a worldwide leader in identification and authentication solutions.

UKsec: Virtual Cyber Security Summit

UKsec: Virtual Cyber Security Summit

Join 100s of UK Cyber Security Leaders Online for Expert Cyber Security Talks, Strategy Insights, Cyber Resilience Tips and More.

OwnZap Infosec

OwnZap Infosec

OwnZap Infosec aims to digitally shield the cyberspace by offering services like Penetration Testing and Red Teaming, Infrastructure Security Testing, and Vulnerability Assessments.

Lightspin

Lightspin

Lightspin is a contextual cloud security platform that continuously visualizes, detects, prioritized, and prevents any threat to your cloud stack.

CAPSLOCK

CAPSLOCK

CAPSLOCK delivers career-changing cyber training to help adults re-skill. Learn online to become a cyber security professional and pay no tuition until you land a high-paying job.

Tide Foundation

Tide Foundation

Tide's breakthrough multi-party-cryptography enables TRUE-zero-trust technology that unlocks cyber-herd immunity.

Start Left® Security

Start Left® Security

Great security culture doesn't just happen; you ENGINEER it.

Accedian

Accedian

Accedian is a leader in performance analytics and end user experience solutions, dedicated to providing our customers with the ability to assure their digital infrastructure.

ID North

ID North

ID North is a Nordic service provider offering identity security to its customers by providing world class expertise and best-in-class solutions and services.

Keepit

Keepit

Keepit offer all-inclusive, secure, and reliable backup and recovery services for your data.

CIP Cyber

CIP Cyber

CIP Cyber is an online learning community with a mission of connecting, training, and certifying cybersecurity professionals to protect critical infrastructure.

Foghorn Consulting

Foghorn Consulting

Foghorn can analyze your cloud to enhance performance and security, while reducing costs. Based on AWS’ 6 Pillars, our AWS WAFR Certified Engineers Will Identify Areas of Improvement.