London hospital hackers publish stolen blood test data – BBC News

A gang of cybercriminals causing major disruption to several London hospitals have published sensitive data stolen from an NHS blood testing company.

Qilin has been trying to extort money from NHS provider Synnovis since hacking the company on June 3.

The gang previously told the BBC they would publish the data unless they were paid.

On Thursday evening, they shared nearly 400 GB of private information on their darknet site and Telegram channel.

The data includes patient names, dates of birth, NHS numbers and descriptions of blood tests. It is not known whether test results are also included in the data.

There are also business account spreadsheets with detailed financial agreements between hospitals, GP services and Synnovis.

The fallout from the Synnovis hack has been one of the worst ever cyber attacks in the UK, with more than 1,000 hospital and GP appointments and surgeries affected due to the disruption of pathology services.

The ransomware hackers infiltrated the computer systems of the company used by two NHS trusts in London and encrypted vital information, rendering IT systems unusable.

As is often the case with these gangs, they also downloaded as much private data as possible to further extort the company for a Bitcoin ransom.

It is not known how much money the hackers demanded from Synnovis and whether the company entered into negotiations. But the fact that Qilin published some, possibly all, of the data means they haven’t paid.

Law enforcement agencies around the world regularly urge ransomware victims not to pay, as this encourages the criminal enterprise and does not guarantee that the criminals will do what they promise.

Ransomware expert Brett Callow of Emsisoft said healthcare organizations were increasingly being targeted because the hackers knew they could do a lot of damage and sometimes make a lot of money.

“Cybercriminals go where the money is and unfortunately the money is in attacking the healthcare sector. And since United Health Group reportedly paid $22 million [£17.3m] ransom earlier this year, the industry is more in the crosshairs than ever before,” he said.

On Tuesday evening, Qilin spoke to the BBC over an encrypted messaging service and said they had deliberately attacked Synnovis as a way to punish Britain for not helping enough in an unspecified war.

Qilin, which has a track record of extorting money, claimed in this case that it had carried out a cyber attack in protest.

“We feel very sorry for the people who have suffered because of this. We do not consider ourselves guilty of this and ask that you do not blame us in this situation. Blame your government.”

Qilin’s claims of an activist motive have largely been met with skepticism.

On their darknet site, they have leaked data stolen for money from other healthcare organizations, schools, companies and municipalities around the world.

The gang, believed to be based in Russia like many ransomware teams, would not say where they are located.

It said the British government “doesn’t invest even a penny in the lives of those fighting on the front lines of the free world,” reminiscent of the language used to describe Ukraine’s fight against the Russian invasion.

But it could also refer to Russian forces fighting Ukraine.

The group says it has deliberately chosen to attack blood testing company Synnovis, which is used by two London NHS trusts.

“Our citizens are dying in an unequal fight due to a lack of medicine and donor blood,” the report said.

It would be unusual but not unprecedented if Qilin hackers were in Ukraine, where many suspected ransomware hackers have been arrested in recent months.

It is very rare for hackers to be arrested in Russia, as the government there refuses to cooperate with requests from Western law enforcement agencies.

Qilin declined to be more specific about his political allegiance or geography “for security reasons.”