Share this article on:
A ransomware attack on a UK university has reportedly led to the records of 1.1 million patients being compromised, as the university was using their NHS data for research purposes.
The University of Manchester revealed that a “criminal entity” had accessed its systems on 6 June and that a “small proportion of data” belonging to students and alumni had been compromised.
The university said that some systems were affected or were running slower than normal. The student accommodation system, for instance, was not available as of 23 June. The data that had been collected by the hacker includes name and contact details, next of kin information, ID numbers, study details, ethnicity, and even disability codes in some cases.
However, a source has leaked to the UK news outlet The Independent that the breach is far greater than the university is reporting.
The university had been conducting research using the records of more than 1 million trauma patients from across the UK, including people who had received treatment following terrorist attacks.
The Independent has apparently seen a document addressed to the NHS from the University of Manchester, warning the healthcare provider of the possible breach of patient data. The university has warned of the “potential for NHS data to be made available in the public domain” and has also said that about 250 gigabytes of data were accessed by the as-yet-unknown threat actor.
Some affected patients may not even know their data is being used, as to be on the database — which was created in 2012 — no consent was needed on their behalf.
The NHS has so far made no comment on the breach, and while the University of Manchester has not commented on the NHS data itself, it has said the investigation is ongoing.
“Our investigations into the impact are ongoing, and we are continuing to work with relevant authorities and partners, including the Information Commissioner’s Office, the National Cyber Security Centre (NCSC), the National Crime Agency, and other regulatory bodies,” a university spokesperson told The Independent.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.