Stolen NHS Data Published On The Dark Web

A ransomware group has carried out its threat against a Scottish health board and published a "large volume" of stolen data on the Dark Web. NHS Dumfries and Galloway was hit by a cyber attack in March and confirmed hackers were able to access a "significant quantity of data", including patient and staff-identifiable information.

The cyber criminals later published a Proof Pack, which included confidential information on a small number of patients, and warned more would follow. According to reports, more than 1TB of sensitive data has been made available, with the threat of a further 3TB of data to be made available.

The attack on NHS Scotland has been claimed by the Inc Ransomware collective on its dark web leak site. The attack is understood to have originally been conducted in March 2024, with the victim listed on the leak site shortly afterwards, and data made available for download in May 2024.  

Dark Web sites are not accessible by traditional search engines and browsers, meaning this goldmine of data is often missed by traditional security tools.

Commenting, Lewis Shields, Director, Dark Ops at ZeroFox, said: "When compromised by digital extortion collectives, the first indication a victim organisation receives is often a ransom note from the threat actor, explaining that sensitive information, such as leaked or stolen data, compromised or breached credentials, intellectual property, and other sensitive materials, has been acquired and will be made available for illicit sale, should subsequent instructions not be followed... Once named on an extortion collective’s shame site, news of the attack makes its way to the surface Web and is made accessible to the general public, leaving compromised organisations to scramble for a plan to mitigate the operational, financial, and reputational damage that comes with an uncontained security incident."

ZeroFox advises that healthcare providers, along with other vulnerable organisations, engage in monitoring criminal forums on the Dark Web, enabling them to better understand their external attack surface and stay ahead of the evolving cyber threat landscape. “Implementing comprehensive Dark Web monitoring will extend the reach of an organisation’s security team to give them greater insight into emerging threats and, hopefully, stop them before they become a problem,” according to Shields.

Keiron Holyome, VP UKI & Emerging Markets at BlackBerry, said: “This latest attack on the NHS, at Dumfries and Galloway in Scotland, highlights that threat actors can use any poorly-protected endpoint to enter and cripple a system... Sensitive NHS data has high value, and risks being held to ransom, released to the Dark Web, or sold to the highest bidder.”

BlackBerry’s latest quarterly intelligence report found that 62% of attacks targeted critical industries, including healthcare, exploiting security misconfigurations or unprotected legacy systems.

“To prevent attacks, healthcare organisations must ensure that cybersecurity protection covers every endpoint, from mobile devices to IoT-connected medical tools such as ventilators or robotic surgery equipment, equally comprehensively... Many departments will be running outdated, possibly unsupported, technologies, some systems may run offline or with infrequent connectivity - everything requires the same high level of protection to defend against the daily onslaught of attacks,” Holyome commented.

In a statement, NHS Dumfries and Galloway confirmed that a "large volume of data" had been published in what it described as an "utterly abhorrent criminal act". Work is beginning to take place with partner agencies to assess the data which has been published, and Police Scotland, the National Cyber Security Centre and the Scottish government are engaged in responding to the situation.

NHS Dumfries and Galloway is urging the public to be alert for any attempts to access their work and personal data and has warned people to be vigilant about any potential approach by someone claiming to be in possession of either their personal data or NHS data - whether this approach comes by email, telephone, social media or other means.

Potential victims are advised to take down details about the approach and contact Police Scotland. A dedicated NHS webpage has been set up in response to the cyber attack, with a helpline available on 01387 216 777.

Police Scotland said its "inquiries are continuing into a cyber attack on NHS Dumfries and Galloway".

ZeroFox | BlackBerry | Sky
