GCHQ investigates attack on royal hospital

A third party gained unauthorised access to confidential medical information from King Edward VII's Hospital

Edward VII's Hospital. Source: Wikimedia

Image:
Edward VII's Hospital. Source: Wikimedia

GCHQ is reportedly investigating a cyberattack at King Edward VII's Hospital in London which has previously treated Queen Elizabeth II and Prince Philip, among other members of the Royal family.

GCHQ is reportedly investigating a cyberattack at King Edward VII's Hospital in London which has previously treated Queen Elizabeth II and Prince Philip, among other members of the Royal family.

According to The Telegraph, The National Cyber Security Centre (NCSC), the cybersecurity organisation of GCHQ, is working on an investigation into the attack, described by the hospital as an "IT security incident."

The breach, occurring earlier this month, involved a "third-party" gaining unauthorised access to confidential medical information, including doctors' letters and pathology reports of some patients. The hospital's website was also affected during the breach.

The hospital has said that the medical data of royal family members is kept separately and remains unaffected by the breach.

The NCSC, in its recent warning, highlighted a "significant threat" posed by states and state-aligned groups to the UK's national assets, and ransomware attacks have become a prevalent concern. The NCSC specifically pointed out the involvement of Russian-language criminals and the targeting of critical national infrastructure by Iran's Islamic Revolutionary Guard Corps.

Hospital chief executive, Justin Vale, stated in a letter to affected patients that the breach was promptly identified, contained and steps were taken to mitigate its impact.

The third-party responsible for the incident managed to copy a small amount of data from the hospital's systems, with fewer than 1% of patients affected, he said. While mainly internal hospital systems data was compromised, some patients' personal data, including health information, was also copied.

Patients affected by the breach have been offered free "identity and credit monitoring" to safeguard against potential fraudulent activities. The hospital, emphasised that the vast majority of patients remain unaffected, expressed apologies for any concern caused by the incident.

Buckingham Palace has not commented on the matter.