A Russian hacker group that has crippled NHS hospitals after targeting a major provider of lab services is demanding a ransom of $50 million.
The group, called Qilin, has already claimed responsibility for the June 4 attack on Synnovis. They are seeking payment before they will unlock the computers that were affected by the breach.
On Tuesday, they threatened to release sensitive data from the Synnovis system, and overnight on Thursday, they followed through on that promise.
According to the BBC, the hacker group shared nearly 400GB of private information on a site they run on the darknet. Sampling of the data shows that it includes the names, birth dates, NHS numbers and full descriptions of the blood tests for NHS patients.
At this point, it’s unclear whether the actual results of the blood tests are included in the data that was released.
Also included are spreadsheets for business accounts that detail the financial arrangements in place between Synnovis, hospitals and GP services.
Officials from NHS England spoke with the BBC this week, saying that they knew of the publication of the data but weren’t able to completely verify whether the data that was shared was real.
As the official said:
“[We have] been made aware that the cyber criminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack. We understand that people may be concerned by this, and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible.
“This includes whether it is data extracted from the Synnovis system, and if so, whether it relates to NHS patients.”
The hack on Synnovis is one of the worst ever to hit the UK. According to the BBC, more than 3,000 hospital and GP appointments, as well as overall operations, have been significantly affected.
The hackers were able to infiltrate the company’s computer systems that are used by two NHS trusts located in London. They then encrypted some of the vital information there, which made the overall IT system completely useless.
As is typical in these types of attacks, the hacking group downloaded large amounts of private data so that they could use it to extort a ransom payment from Synnovis, to be paid in Bitcoin since it's hard to track.
As the BBC pointed out, the fact that Qilin published at least some of the data is probably an indication that Synnovis has not met the group's ransom demands. It's possible that the data they released is only a sampling of what they have, and is being used as further leverage to receive the money.
Health-care groups around the world are increasingly being targeted by hackers, who know they can do a lot of harm. Brett Callow, who works for Emsisoft as a ransomware expert, told the BBC:
“Cybercriminals go where the money is and, unfortunately, the money is in attacking the healthcare sector. And since United Health Group reportedly paid a $22 million ransom earlier this year, the sector is more squarely in the crosshairs than ever before.”