
Why Cybercriminals Keep Targeting the NHS: Insights into the Latest Attack

 


In a statement released on 3 June, NHS England confirmed that patient data managed by the company Synnovis for blood testing was stolen in a ransomware attack. In an attempt to extort money from Synnovis, a group of Russian cybercriminals called Qilin shared almost 400GB of personal information through their darknet site on Thursday night, as they had threatened to do. There is no evidence to indicate that test results have been published, according to a statement issued by NHS England. However, the company said that investigations are still ongoing.

In a shocking development, the NHS has announced it has been the victim of a major cyber attack targeting a company known as Synnovis. Synnovis, formerly known as Viapath, offers pathology services to hospitals across the country. It is a partnership between Guy’s and St Thomas NHS Foundation Trust and King’s College Hospital NHS Foundation Trust. It is possible that millions of pieces of sensitive health information of NHS patients across England could have been compromised by the attack, which happened on June 22nd.

On Monday 3 June, Synnovis - a pathology partnership between Guy's and St Thomas' NHS Foundation Trust, King's College Hospitals NHS Trust and SYNLAB - suffered a ransomware cyber attack, disrupting its operations. There is no denying that this attack has been one of the worst in the history of medicine in the UK. It has resulted in an extremely significant decrease in the number of tests that can be processed and reported to clinical teams. Since 3 June, King's College Hospital and Guy's and St Thomas Hospital have postponed a total of 1,134 elective procedures and 2,194 outpatient appointments.

In the wake of the attack, which was allegedly perpetrated by a Russian criminal gang, Qilin has posted over 400GB of sensitive data to a darknet site. Among the data are names, dates of birth, NHS numbers, and descriptions of blood tests that were performed. A spreadsheet detailing financial arrangements between hospitals, general practitioners, and Synnovis is also included. Qilin has also claimed the attack was a ‘protest’ but declined to give any further details about their political affiliation or location.

Synnovis, a partnership between two London hospitals and SYNLAB providing pathology services, has recently been the victim of a cyberattack. In the past week, a group has claimed responsibility for the attack and published information online, Synnovis said in a press release. There have been no indications that the Laboratory Information Management System (LIMS) databases, which are crucial for supporting lab operations and storing patient test requests and results, have been compromised, or that they are available online.

An analysis of the stolen data by the BBC revealed that it included the names of patients, birth dates, NHS numbers, and descriptions of blood tests. The attack has been described as the "most significant and harmful cyber attack ever committed in the United Kingdom." Business account spreadsheets detailing the financial arrangements between hospitals, GP services, and Synnovis were also found. Ransomware hackers infiltrated the company's computer systems, which are used by two NHS trusts in London, and encrypted vital information, leaving its IT systems unusable.

The cybercriminals also downloaded as much information as possible to further extort the company for a ransom payment, as is often the case in such attacks. Neither Synnovis nor the hackers have disclosed how much money the hackers requested from Synnovis, nor have negotiations been held between the two organizations. Qilin, however, has published some of the data, which could be all of it, so it appears they have not been paid. In an encrypted message sent to the BBC, the attackers explained that they were targeting Synnovis intentionally to punish the UK for not participating enough in an unspecified war.

NHS England said in its statement that it continues to work closely with Synnovis and the National Crime Agency. A helpline has been established by NHS England for people affected by the attack and the organisation will continue to share updates, but "investigations of this type are complex and take time to complete." Within the NHS, these systems are used to securely transfer patient data from one part of the healthcare system to another, which raises serious questions about the safety and privacy of the data that is shared across the system. Officials at the National Health Service (NHS) are scrambling to assess the extent of the breach and find out exactly what information may have been exposed.

The authorities have given assurances that need-to-know services will remain fully operational for the time being, but some appointments and services that are not urgent in nature may need to be rescheduled to ensure the secure restoration of the affected systems. According to Synnovis, all affected systems have been taken offline as a precautionary measure. The company is investigating the incident in partnership with the National Cyber Security Centre, and the NHS is also investigating. While many do not understand how such a crucial part of the NHS' digital infrastructure can be left vulnerable to such a heinous attack, a few have made a suggestion. As cyber security threats become increasingly sophisticated, there is now a growing concern about whether the NHS is capable of protecting itself from them.

A call to action has been issued urging people to be more vigilant and to immediately report any suspicious communications they receive claiming to be from the NHS. It is becoming more obvious every day that the scale and impact of this unprecedented attack on England's health service are far from being known, and public confidence in the NHS's ability to keep personal data secure is at stake as more details emerge. In the last few months, there have been shockwaves throughout the healthcare sector and beyond. Identifying impacted individuals can be a complicated process, and the investigation can take up to a week to complete. Local health systems have collaborated to ensure that patients' health impacts are managed promptly, that urgent blood samples are processed and that historical health records are accessible by laboratories.

ACY Accidentally Exposes User Data On Web

Anurag Sen, a famous cybersecurity expert, said that ACY Securities, an Australia-based trading company, accidentally posted huge amounts of personal and financial data of unsuspecting users and businesses on the web for public access. The incident happened because of a misconfigured database that ACY Securities owns. The leak left over 60GB worth of data in the open without any protection.

This means that anyone with basic knowledge of finding unsecured databases on platforms like Shodan could gain full access to ACY's data. The data contained logs from February 2020 to this date and was being updated regularly. The exposed data includes full name, postal code, address, date of birth, email address, gender details, contact number, password, and banking and financial information. The leak affected businesses in various countries including China, India, Spain, Russia, Brazil, Australia, Romania, Malaysia, the United States, the United Kingdom, Indonesia, and United Arab Emirates.

The exposure is very severe because, at the beginning of this year, Anonymous and affiliated hacker groups leaked an estimated 90% of Russian cloud databases to the public. The data exposed in these leaks was not protected by a password or authentication.

Given the extent and nature of the leaked data, the ACY Securities incident could have had the worst implications. For instance, threat actors could have downloaded the data and carried out phishing scams, identity thefts, marketing campaign scams, and microloan identity scams.

"Misconfigured or unsecured databases, as we know it, have become a major privacy threat to companies and unsuspecting users. In 2020, researchers identified over 10,000 unsecured databases that exposed more than ten billion (10,463,315,645) records to public access without any security authentication. In 2021, the number increased to 399,200 exposed databases," read a post on HackRead.