Over a million NHS records compromised in cyberattack
Related to University of Manchester attack earlier this month
A cyberattack on the University of Manchester has compromised sensitive personal data belonging to over one million NHS patients.
That includes individuals who have experienced trauma, and victims of terrorism, according to The Independent.
Earlier this month, the University announced it had fallen victim to a cyberattack on 9th June.
Cybercriminals were able to access the data of both current and former students, including names, contact information, addresses, university IDs and demographic data.
Now The Independent reports that the data also included nearly 1.1 million NHS records.
The university had collected the information from over 200 hospitals for medical research purposes, specifically focusing on reports related to major-trauma patients nationwide and the treatment provided to victims of terrorist attacks.
The leaked information includes sensitive details such as NHS numbers and the first three letters of patients' postcodes.
Manchester University has issued a warning to NHS chiefs, alerting them to the possibility of NHS data being exposed to the public.
However, it also notes that it does not know the specific number of patients affected, or whether names were included in the data.
As part of its investigation, the university determined that the cybercriminals had gained unauthorised access to its back-up servers.
Officials have confirmed that the data set has since been closed.
The hackers accessed approximately 250GB of data during the cyberattack.
Some patients will not know about their inclusion in the database, as their consent was not required to be recorded on it when it was launched in 2012.
Attackers pile on pressure
While the identity of the perpetrators is still unknown, the criminals recently sent emails to students and staff, threatening to expose the data unless their ransom demands were fulfilled.
"We have stolen 7 TB of data, including confidential personal information from students and staff, research data, medical data, police reports, drug test results, databases, HR documents, finance documents, and more," they warned.
They also issued a "last warning" to victims, stating their data would be sold on the black market if the university fails to meet ransom demands.
Since the initial disclosure earlier this month, the university has revised and expanded the list of data accessed.
The updated list now includes UCAS numbers and fee status, UCAS disability codes and personally identifiable details like university IDs and dates of birth.
A spokesperson for the ICO said the regulator has received "a report of a ransomware attack at the University of Manchester and are assessing the information provided."
The alleged leak of NHS patient records coincides with NHS England's recent signing of a five-year deal, which involves the implementation of Microsoft 365, a cloud-based online productivity suite, for 1.5 million health service staff.
Bytes Software Services has been awarded the delivery contract for the Microsoft 365 deal, which will grant NHS England staff complete access to the entire suite of Microsoft 365 products.