Share this article on:
The hackers responsible for the London hospitals cyber attack earlier this month have published data stolen in the breach.
Almost 400 gigabytes of data belonging to pathology firm Synnovis was posted on the Qilin ransomware gang’s dark web leak site on 19 June, containing patient names, dates of birth and NHS numbers, according to a BBC report.
“We understand that people may be concerned by this, and we are continuing to work with Synnovis, the National Cyber Security Centre and other partners to determine the content of the published files as quickly as possible,” said a spokesperson for NHS England.
“This includes whether it is data extracted from the Synnovis system, and if so, whether it relates to NHS patients.”
The data is currently being analysed to determine what else may have been stolen. At this stage, it is unclear whether or not blood test results are included, but the data does include business accounts and transactions between hospitals and Synnovis.
While some services have returned to normal, operations and procedures continue to be postponed, according to medical director for NHS London, Dr Chris Streather.
“Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyber attack on Synnovis is continuing to have a significant impact on NHS services in south-east London,” he said, as seen by Yahoo! News.
“Having treatment postponed is distressing for patients and their families, and I would like to apologise to any patient who has been impacted by the incident, and staff are continuing to work hard to re-arrange appointments and treatments as quickly as possible.”
The Synnovis cyber attack was discovered earlier this month when, initially, five London hospitals had operations disrupted.
The number of affected hospitals quickly increased, and the NHS quickly said that the recovery process could take months.
“It is unclear how long it will take for the services to get back to normal, but it is likely to take many months,” a well-placed official said.
“Key to a return to normal will be clarity about how the hackers gained access to the system, how many records have been affected and whether these records are retrievable.”
Additionally, the attack has left hospitals unable to carry out blood transfusions and having to cancel tests and other pathology operations, leading to the NHS calling on blood donors to rapidly respond, as blood only has a shelf life of 35 days.
Earlier this week, the NHS blood donation website set up a queuing system for blood donation appointments, which it uses when demand is high, and called on all O-positive and O-negative donors to book appointments to donate blood at one of 25 donation centres across England.
O blood type is the universal blood type, and it is used in emergency surgeries or when blood types are unknown, as it is safe for use with everyone.
Last week, the NHS announced that it suffered the attack, saying that some operations were halted.
“All urgent and emergency services remain open as usual, and the majority of outpatient services continue to operate as normal,” said the NHS.
“Unfortunately, some operations and procedures which rely more heavily on pathology services have been postponed, and blood testing is being prioritised for the most urgent cases, meaning some patients have had phlebotomy appointments cancelled.”
Additionally, Synnovis chief executive Mark Dollar said that its systems had been interrupted.
“This has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services,” he said, adding that the hospitals declared a “critical incident” that affected the delivery of services such as blood transfusion.