Cyber Gang Qilin Leaks Sensitive NHS Data After Failed Extortion Attempt

A cybercriminal gang, Qilin, leaked 400GB of sensitive NHS data after failing to extort money from Synnovis, causing major disruptions in London's healthcare services.

Bijay Laxmi

A group of cybercriminals, known as Qilin, has caused significant disruption to multiple London hospitals by publishing sensitive data stolen from an NHS blood testing company. Since hacking Synnovis on June 3, Qilin has been attempting to extort money from the NHS provider. After warning they would release the data if not paid, the gang uploaded almost 400GB of private information to their darknet site and Telegram channel overnight on Thursday.

The leaked data includes patient names, dates of birth, NHS numbers, and blood test descriptions. It remains unclear if actual test results were included. Additionally, business account spreadsheets detailing financial transactions between hospitals, GP services, and Synnovis were exposed. This breach is considered one of the most severe cyber-attacks in the UK, affecting over 1,000 hospital and GP appointments and operations due to the disruption of pathology services.

The ransomware attack encrypted vital information within Synnovis' computer systems, used by two NHS trusts in London, rendering their IT systems inoperable. The hackers also downloaded private data to leverage for ransom, typically demanded in Bitcoin. The amount Qilin sought or whether Synnovis engaged in negotiations is unknown, but the public release of data suggests no payment was made.

Law enforcement agencies consistently advise against paying ransoms, as it perpetuates criminal activities without guaranteeing that hackers will honor their promises. Ransomware expert Brett Callow from Emsisoft highlighted that healthcare organizations are increasingly targeted due to their potential for high-value payoffs. He referenced a recent incident where United Health Group paid a $22 million ransom, underscoring the sector's vulnerability.

Qilin communicated with the BBC via an encrypted messaging service on Tuesday night, claiming the attack on Synnovis was a protest against the UK's insufficient support in an unspecified war. The group, thought to be based in Russia, has a history of monetizing stolen data from various sectors worldwide. They used rhetoric resembling that of conflicts involving Ukraine, though their specific political affiliations remain ambiguous.

Despite their proclaimed activist intentions, skepticism surrounds Qilin's motives. The gang has previously posted advertisements in Russian for hackers to join their criminal operations. Ransomware hackers have occasionally been arrested in Ukraine, but such arrests are uncommon in Russia due to the government's lack of cooperation with Western law enforcement.

Qilin refrained from disclosing further political or geographical details for "security reasons," but their actions have undeniably caused significant harm and disruption to the UK's healthcare sector.

Why This Matters: This cyberattack highlights the growing threat of ransomware to critical healthcare infrastructure. The breach not only disrupts medical services but also endangers patient privacy and safety.

Key Takeaways

  • Qilin leaked almost 400GB of sensitive NHS data after failed extortion.
  • The attack affected over 1,000 hospital and GP appointments and operations.
  • Ransomware gangs increasingly target healthcare for lucrative payouts.
  • Law enforcement advises against paying ransoms to deter criminal activities.
  • Qilin's claims of activist motives are met with skepticism, with their actions primarily driven by financial gain.