Intelligence authorities are currently engaged in an investigation into a suspected cyber attack targeting a prominent NHS trust, which serves a vast patient population of 2.5 million individuals. This incident involves a notorious group specializing in ransomware attacks, who have asserted that they possess significant volumes of sensitive data extracted from Barts Health NHS Trust.
The attackers have issued a deadline of Monday, after which they intend to publicly disclose the pilfered information.
On Friday, a group known as BlackCat or ALPHV made a statement asserting that they have successfully breached the security of the targeted organization, gaining unauthorized access to sensitive employee information such as CVs and financial data, including credit card details.
Additionally, they claimed to have obtained confidential documents pertaining to individuals' identities.
The exact nature of the information involved in the incident remains uncertain, including whether it contains patient data, as does whether the hacking group has actually infiltrated the trust's systems.
Nevertheless, the situation introduces the possibility that private data belonging to the extensive patient population of approximately 2.5 million individuals served by Barts Health NHS Trust may be exposed on the dark web. In response to these developments, the trust, which encompasses six hospitals and ten clinics in East London, expressed its immediate commitment to conducting a thorough investigation into the claims.
BlackCat emerged onto the radar in 2021 and has gained a reputation as one of the most advanced malware operations to date. According to reports, the group responsible for BlackCat managed to infiltrate approximately 200 organizations during the period spanning November 2021 to September 2022.
The gang's modus operandi involves employing various extortion techniques against their victims. These tactics include issuing individualized ransom demands for the decryption keys needed to unlock infected files, threats of publishing stolen data, and warnings of launching denial of service attacks.
According to sources at The Telegraph, the National Cyber Security Centre (NCSC), which operates under the purview of GCHQ, is actively involved in the ongoing investigation.
Ransomware attacks employ specialized software to either extract sensitive data from the victim or restrict their access to it.
In certain instances, the attackers employ encryption techniques to lock the targeted files, subsequently demanding a ransom in exchange for providing the decryption key.
In 2017, the NHS experienced a significant and widespread impact from the global "WannaCry" ransomware attack, resulting in a temporary halt of operations within the healthcare system.
The severity of the situation necessitated the urgent transfer of critical patients from affected hospitals to alternative facilities.
Notably, the hacking group did not make any mention of an encryption key in their communication.
Experts in the field have put forward a hypothesis that this omission could potentially indicate that the gang has not encrypted the pilfered information. Instead, they might be employing a strategy commonly seen in such cases, aiming for a swift payment from the targeted organization. This tactic has become increasingly prevalent in recent times.