A Million British Medical Patient Records Hacked

The UK’s National Health Service (NHS) has disclosed the personal information and other details on over a million patients have been compromised, senior health chiefs have been warned.

This follows a recent ransomware attack on the University of Manchester (UoM) which affected an NHS patient data set that holds information on 1.1 million patients across 200 hospitals. 

Among the details potentially exposed are NHS numbers and the first three letters of patients’ postcodes.  

The information, which includes records of major trauma patients across the country and people treated after terror attacks, was gathered by the university for research purposes. In its warning to health officials, the university said it did not know how many patients were affected or whether names had also been hacked. The university said that some systems were affected or were running slower than normal. The student accommodation system, for instance, was not available as of 23 June.

The data that had been collected by the hacker includes name and contact details, next of kin information, ID numbers, study details, ethnicity, and even disability codes in some cases. An NHS document has shown that the university’s back-up servers were accessed, but it is not known who was behind the attack. 

As a result of the incident, NHS chiefs were warned by UoM that there is “potential for NHS data to be made available in the public domain” and the data set has since been closed. Some patients will not know they are on the database, launched in 2012, as they did not need to give consent to be recorded on it. 

In an unrelated incident on August 5 last year, a separate hack led to the outage of software used to access patient data across NHS 111, a dozen mental health trusts, community hospitals and out-of-hours GP services. The outage lasted weeks and has caused sever safety problems such as patients being prescribed the wrong dose of medication and clinicians being unable to properly assess mentally unwell patients. 

Healthcare is the riskiest industry and this is partly due to the level of connectivity needed for medical services, where sensitive data moves from medical devices and workstations to internal servers, sometimes to external services and then to patients or doctors. 

Head of Security Research at ForescoutDaniel Dos Santos, commented “Besides the data risks, healthcare organisations need to pay attention to the diversity of devices within their environment. Whether it’s an IT, IoT, OT or IoMT device – neglecting its specific needs can serve as an entry point for attackers. Inventorying, assessing the risk and ensuring compliance of these devices are important first steps to guarantee their security, which can then be followed by monitoring the network to detect and respond to threats in real time.”

Between 2022 and 2023, the global healthcare sector saw over 11 million ransomware attempts and over 271 million intrusion attacks, according to research by cyber security company SonicWall. Their research found that encrypted threats had risen by 35% and Internet of Things malware by 33% since the beginning of 2022.

Digital Health:     SonicWall:     Independent:    Verdict:     DataBreaches:   CybersecurityConnnect

You Might Also Read: 

Progress Software Has Critical Hacking Vulnerabilities:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« British Spy Agency Was Hacked 20 Years Ago
A Perfect Storm For Cybercrime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Latham & Watkins LLP

Latham & Watkins LLP

Latham & Watkins is an international law firm. Practice areas include Data Privacy, Security and Cybercrime.

AhnLab

AhnLab

AhnLab provides a range of information security solutions including network security, endpoint security, antivirus and consulting services.

TorGuard

TorGuard

TorGuard is a Virtual Private Network services provider offering secure encrypted access to the internet.

European Society of Criminology (ESC)

European Society of Criminology (ESC)

The ESC Working Group on Cybercrime is focused on cybercrime, its causes and offenders, impact on victims, and our response to it at the individual, corporate, and governmental levels.

TruNarrative

TruNarrative

TruNarrative provides a unified solution for Identity Verification, Fraud Detection, eKYC, Risk Assessment, AML Compliance and Account Monitoring.

Assertion

Assertion

Assertion secures your collaboration (UC/CC) systems from cyber risks. Enforcing the right set of controls and monitoring them continually brings down risk to acceptable levels.

GuardRails

GuardRails

GuardRails provides continuous security feedback that empowers developers to find, fix, and prevent vulnerabilities.

Jandnet Recruitment

Jandnet Recruitment

Jandnet Recruitment is a small specialist company working in the IT sector. We recruit across all IT disciplines including cyber security and digital identity.

Zero Networks

Zero Networks

With Zero Network, you can achieve affordable, airtight network access security at scale.

Findcourses.co.uk

Findcourses.co.uk

Findcourses is a dedicated education search engine designed to make it easy for our learners to search and find exactly what they need from our community of trusted training providers.

Bitbone

Bitbone

Bitbone develop IT infrastructure and IT security solutions that create long-term value.

Rayzone Group

Rayzone Group

Rayzone Group offers a wide range of Cyber Security solutions and services, providing hollistic protection suitable for both enterprises and National cyber security centers.

iManage

iManage

iManage's intelligent, cloud-enabled, secure knowledge work platform enables organizations to uncover and activate the knowledge that exists inside their business.

EDGE Group

EDGE Group

EDGE is one of the world’s leading advanced technology groups, established to develop agile, bold and disruptive solutions for defence and beyond.

Ermes

Ermes

Ermes – Intelligent Web Protection provides companies with a solution that effectively secures them against web threats.

Security4Media

Security4Media

Security4Media is a non-profit association set up to reduce risks and support trust in media, in the face of increasing cybersecurity threat levels.