Hackers behind cyber attack ordered by judge to return stolen NHS patient data

15 August 2024, 12:54

The entrance to St Thomas' Hospital in London
Cyber attack at major London hospitals. Picture: PA

A ransomware gang targeted pathology services provider Synnovis on June 3.

Hackers responsible for a cyber attack that led to more than 10,000 NHS appointments being cancelled have been ordered by a High Court judge to “unmask” themselves and return or delete stolen data.

Pathology services provider Synnovis was targeted by Russian cyber gang Qilin on June 3, with hackers reportedly obtaining confidential medical information and blood test results of more than 100,000 patients, the court was told.

The ransomware attack saw appointments cancelled at two London NHS trusts and prompted a warning that parts of the NHS’s IT system are “out of date” and at risk of further attacks.

In a written ruling on Thursday, Mrs Justice Stacey said she had granted Synnovis’s bid for an interim injunction seeking to prevent the release of stolen data.

The judge’s temporary order against “persons unknown” requires the hackers to provide their full names and addresses to allow for legal documents to be served on them.

Mrs Justice Stacey also said it was “plainly just and convenient” for the order to include “a prohibition preventing further unauthorised access of the claimant’s IT systems by the defendants – a so-called anti-hacking injunction” to help prevent more attacks.

Synnovis’s case was considered at a hearing in London last month, which the judge said was held in private due to discussions over “the theft of confidential, highly personal medical information”.

The BBC has reported that the Qilin gang has carried out “criminal hacks for extortion purposes of a range of public and private services and companies since 2022”, the judge was told.

After the Synnovis cyber attack, which saw a ransom note left on its IT systems, Qilin told the broadcaster it took responsibility.

The information obtained was the “commercially sensitive, private and… confidential” medical records of patients at the Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust, the court was told.

Some data was released via the Telegram messaging platform on June 20, while a post of information and a statement was published on a website called “Wikileaksv2” on June 27.

Telegram had not responded to a request to remove information, while Wikileaksv2 is feared to be a “clone site” under the control of hackers, the judge heard.

Mrs Justice Stacey said there was “a real risk that further unauthorised, damaging disclosures” could be made.

“The defendants have come into possession of the claimant’s confidential information or property through criminal and unlawful actions,” the judge added.

“It has done so for the purpose of commercial gain. It is engaging in extortion.

“The claimant has established that publication of the information should not be allowed and that its use should be restricted.”

The judge continued: “I am also satisfied that the defendants must identify themselves – their actions appear unlawful and it appears that they are seeking to hide their identity behind a cloak of anonymity and an organisation, Qilin, which has no legal identity.”

According to the BBC, Qilin shared almost 400GB of data, including patient names, dates of birth, NHS numbers and descriptions of blood tests, on its darknet site and Telegram channel.

Earlier this month, NHS England London said a total of 10,001 acute outpatient appointments and 1,680 elective procedures had been cancelled across the two trusts.

It said more than 60 IT systems used in laboratories have been rebuilt, or are in the process of being rebuilt, with capacity increasing.

By Press Association

More Technology News

See more More Technology News

The Apple logo in the window of an Apple store

Home Office orders Apple to let it access users’ encrypted files – report

Ellen Roome with her son Jools Sweeney

Bereaved families file US lawsuit against TikTok over access to children’s data

The OpenAI logo appears on a mobile phone in front of a computer screen with random binary data

OpenAI taking claims of data breach ‘seriously’

There are concerns over how technology is aiding the abuse of women (Alamy/PA)

Deepfake abuse crackdown a ‘really important blow in battle against misogyny’

The Football Manager 25 logo on a light purple background

Football Manager 25 cancelled after delays

Football Manager 25 has been cancelled after being hit by delays

Football Manager 25 cancelled after several delays

Carsten Jung, head of AI at the IPPR, warned that politics 'needs to catch up' with the implications of AI (PA)

AI could replace 70% of tasks in computer-based jobs, study says

General view of IMI headquarters at Lakeside, Birmingham Business Park, Birmingham.

Engineering group IMI latest UK firm to be hit by cyber attack

A person's hands on the keyboard of a laptop

PSNI exploring use of AI to analyse mobile phone evidence

A screenshot of the homepage of AI chatbot DeepSeek, showing a warning message about new users being unable to register for the app

DeepSeek reopens new user sign-ups despite ongoing security concerns

A Google logo on the screen of a mobile phone, in Londons

Google axes diversity hiring targets as it reviews DEI programmes

A person’s hand pressing keys of a laptop keyboard

UK to get new cyber attack severity rating system

People working at computers

Capital raised by tech start-ups under Government scheme doubles

Xbox Series X and S games consoles

Currys launches Xbox console repairs programme

Hands typing on a keyboard

Military to fast-track recruitment of ‘cyber warriors’ as online threat grows

Composer Max Richter

Human artists could disappear if copyright not protected from AI, MPs told