Hackers claim breach is the ‘biggest ever’ in NHS history

11 Jul 2023

Image: © William/Stock.adobe.com

As the NHS celebrates its 75th anniversary this month, one of its London-based trusts is reportedly suffering a massive breach involving 70TB of sensitive data.

A trust that is part of the National Health Service (NHS) in the UK is investigating a cyberattack that may have resulted in data from millions of patients being stolen.

First reported on by TechCrunch, the Barts Health NHS Trust breach has been claimed by ransomware group ALPHV. The cybercrime gang claims to have hacked into Barts’ system and stolen 70TB of data – which, if accurate, is one of the biggest breaches of healthcare data in UK history.

Based in London, Barts Health NHS Trust runs five hospitals in the city and has more than 2.5m patients within its system. Samples of the stolen data seen by TechCrunch include employee identification documents such as passports and driver licenses, as well as confidential emails.

“We are aware of claims of a ransomware attack and are urgently investigating,” a spokesperson for Barts told the outlet.

ALPHV, also known as the BlackCat hackers, were also involved in a cyberattack on Reddit last month, when the gang threatened to leak 80GB worth of confidential data amid the API pricing charges controversy.

While many of the group’s victims are US-based, its latest major breach involves the UK’s top healthcare body, one that is now being investigated by the country’s National Cyber Security Centre. It also comes as the NHS celebrates its 75th anniversary this month.

‘Ramifications can be disastrous’

A little less than a year ago, the NHS suffered disruptions after a software outage was caused by a cyberattack that targeted systems that facilitate patient referrals, ambulance bookings, out-of-hours appointments and emergency prescriptions.

In 2017, NHS services were significantly impacted after a large-scale ransomware attack. The HSE was also subjected to a cyberattack in May 2021, with severe impacts on health services after IT systems were infiltrated.

Spencer Starkey, vice-president of EMEA at cybersecurity company SonicWall, said that the healthcare sector continues to be a “prime target” for hackers globally.

“Not only does this attack risk the potential for exposed patient data, but any significant IT issue that halts patient care poses an immediate threat to life,” said Starkey, referring to the Barts Health cyberattack.

“The ramifications of an attack on the healthcare sector can be disastrous and it’s important to place the utmost amount of time, money and efforts on securing it.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain is a journalist with Silicon Republic