(Bloomberg) — A gang of cybercriminals says it has breached one of the UK’s largest hospital groups and is threatening to publish a trove of its confidential data.
The gang, known as ALPHV or BlackCat, posted a statement on Friday claiming it had obtained seven terabytes of internal documents from the Barts Health NHS Trust, which manages five hospitals in London that care for about 2.5 million people, according to the Trust’s website.
ALPHV is known to deploy ransomware, a kind of malicious software that encrypts a victim’s computers and renders them inoperable. The gang then demands payment to unlock the computers and threatens to publish stolen data. Increasingly, however, hacking gangs are forgoing ransomware and just stealing data, then threatening to publish it online unless they are paid.
It wasn’t immediately clear whether the gang had used its ransomware on computers at the London hospitals, St. Bartholomew’s, the Royal London, Mile End, Whipps Cross and Newham.
A spokesperson for Barts Health said on Friday, “We are aware of claims of a ransomware attack and are urgently investigating.”
Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, said early indications suggested the gang hadn’t yet deployed ransomware. “Had ransomware been deployed, the disruption would likely have been noticeable – and possibly very significant,” he said. The gang may have chosen not to use its ransomware, “or Barts detected and blocked the encryption part of the attack,” he said.
The gang published a selection of files it said it stole from Barts Health, including copies of employees’ driving licenses and passports, in addition to internal emails and correspondence marked confidential. In broken English, the hackers claimed on their dark web page that the haul of data from Barts Health amounted to the “most bigger leak from health care system in UK.”
ALPHV hackers communicate in Russian, and they have been active since November 2021, carrying out attacks on a wide range of companies across dozens of sectors, including construction and engineering, retail, transportation, commercial services, insurance, telecommunication and pharmaceuticals, according to a report published last year by researchers at Unit 42, a cybersecurity team at Palo Alto Networks Inc. The gang is known to recruit “affiliates” on cybercrime forums who effectively rent out its ransomware to hack companies and organizations, the report said.
The group previously disrupted Germany’s fuel distribution system after it hacked the firms Mabanaft GmbH and Oiltanking GmbH Group. It also took responsibility for a hack targeting Italy’s GSE energy agency.
The UK’s National Health Service has previously faced major disruption due to cyberattacks. In 2017, scores of hospitals were affected by the spread of ransomware known as WannaCry, which forced the cancellation of thousands of appointments and operations, according to a report on that incident. In August last year, an attack on Advanced, a firm that provides software to the NHS, disrupted some patient services for weeks.
©2023 Bloomberg L.P.