Hackers behind cyber attack ordered by judge to return stolen NHS patient data

15 August 2024, 12:54

A ransomware gang targeted pathology services provider Synnovis on June 3.

Hackers responsible for a cyber attack that led to more than 10,000 NHS appointments being cancelled have been ordered by a High Court judge to “unmask” themselves and return or delete stolen data.

Pathology services provider Synnovis was targeted by Russian cyber gang Qilin on June 3, with hackers reportedly obtaining confidential medical information and blood test results of more than 100,000 patients, the court was told.

The ransomware attack saw appointments cancelled at two London NHS trusts and prompted a warning that parts of the NHS’s IT system are “out of date” and at risk of further attacks.

In a written ruling on Thursday, Mrs Justice Stacey said she had granted Synnovis’s bid for an interim injunction seeking to prevent the release of stolen data.

The judge’s temporary order against “persons unknown” requires the hackers to provide their full names and addresses to allow for legal documents to be served on them.

Mrs Justice Stacey also said it was “plainly just and convenient” for the order to include “a prohibition preventing further unauthorised access of the claimant’s IT systems by the defendants – a so-called anti-hacking injunction” to help prevent more attacks.

Synnovis’s case was considered at a hearing in London last month, which the judge said was held in private due to discussions over “the theft of confidential, highly personal medical information”.

The BBC has reported that the Qilin gang has carried out “criminal hacks for extortion purposes of a range of public and private services and companies since 2022”, the judge was told.

After the Synnovis cyber attack, which saw a ransom note left on its IT systems, Qilin told the broadcaster it took responsibility.

The information obtained was the “commercially sensitive, private and… confidential” medical records of patients at the Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust, the court was told.

Some data was released via the Telegram messaging platform on June 20, while a post of information and a statement was published on a website called “Wikileaksv2” on June 27.

Telegram had not responded to a request to remove information, while Wikileaksv2 is feared to be a “clone site” under the control of hackers, the judge heard.

Mrs Justice Stacey said there was “a real risk that further unauthorised, damaging disclosures” could be made.

“The defendants have come into possession of the claimant’s confidential information or property through criminal and unlawful actions,” the judge added.

“It has done so for the purpose of commercial gain. It is engaging in extortion.

“The claimant has established that publication of the information should not be allowed and that its use should be restricted.”

The judge continued: “I am also satisfied that the defendants must identify themselves – their actions appear unlawful and it appears that they are seeking to hide their identity behind a cloak of anonymity and an organisation, Qilin, which has no legal identity.”

According to the BBC, Qilin shared almost 400GB of data, including patient names, dates of birth, NHS numbers and descriptions of blood tests, on its darknet site and Telegram channel.

Earlier this month, NHS England London said a total of 10,001 acute outpatient appointments and 1,680 elective procedures had been cancelled across the two trusts.

It said more than 60 IT systems used in laboratories have been rebuilt, or are in the process of being rebuilt, with capacity increasing.

By Press Association
