Hacking gang claims to have stolen trove of data from Barts Health NHS Trust
(Bloomberg) — British cybersecurity officials are investigating an alleged cyberattack on a group of hospitals in London that has led to the disclosure of confidential documents online.
A gang of Russian-speaking cybercriminals known as ALPHV, or BlackCat, claimed on its website last week that it had obtained seven terabytes of internal documents from the Barts Health NHS Trust, and threatened to post them online unless a ransom is paid.
A spokesperson for the UK’s National Cybersecurity Centre said in a statement on Wednesday that it was “working with Barts Health NHS Trust and partners to fully understand the impact of an incident.”The Information Commissioner’s Office, the regulatory body that oversees data privacy in the UK, confirmed it had received a report of a data breach from Barts and added that it was assessing the matter.
A spokesperson for Barts referred to an earlier statement in which it said that it was “urgently investigating” the hacking gang’s claims.
The Barts trust manages five hospitals in London that care for about 2.5 million people, making it one of the largest in the country, according to its website. The National Health Service in England and Wales has more than 200 trusts, which manage and provide medical services and function as not-for-profit, public benefit corporations.
The breach marks the third major cyberattack that Barts has faced in the last six years. In January 2017, the trust’s systems were infected with malware, which disrupted hospital pathology departments, according to an internal report on that incident. Months later, in May 2017, Barts was hit by the so-called WannaCry ransomware outbreak and had to divert emergency ambulance services to other hospitals, according to a government review of the attack.
The damage caused by the latest incident isn’t yet clear. ALPHV is known to deploy ransomware, a kind of malicious software that encrypts a victim’s computers and renders them inoperable. It then demands payment to unlock the computers and threatens to publish stolen data. Increasingly, however, hacking gangs are forgoing ransomware and just stealing data, then threatening to publish it online unless they are paid.
The gang published a selection of files it said it stole from the Barts Health, including copies of employees’ driving licenses and passports, in addition to internal emails and correspondence marked confidential. In broken English, the hackers claimed on their dark web page that the haul of data from Barts Health amounted to the “most bigger leak from health care system in UK.”ALPHV hackers communicate in Russian, and they have been active since November 2021, carrying out attacks on a wide range of companies across dozens of sectors, including construction and engineering, retail, transportation, commercial services, insurance, telecommunication and pharmaceuticals, according to a report published last year by researchers at Unit 42, a cybersecurity team at Palo Alto Networks Inc.
More stories like this are available on bloomberg.com
©2023 Bloomberg L.P.