Hackers demand £300,000 to not leak royal family's medical records

GCHQ and the police are investigating the attack

Hackers demand £300,000 to not leak royal family's medical records

Image:
Hackers demand £300,000 to not leak royal family's medical records

A hacking group has targeted the prestigious King Edward VII's Hospital and is threatening to expose private health data of royal family members unless a ransom of £300,000 in bitcoin is paid.

The group named Rhysida, after a venomous tropical centipede, claims to have obtained a treasure trove of sensitive information, including "X-rays, letters from consultants, registration forms, handwritten clinical notes, and pathology forms."

The Daily Mail reports that the hackers released a statement on the dark web, saying, "Unique files are presented to your attention! Data from the Royal Family! A large amount of patient and employee data. Sale in one lot!!"

The royal family has used the services of King Edward VII's Hospital for more than a century.

The late Queen Elizabeth and her husband Prince Philip, who spent an extended period at the hospital before his passing in 2021, are among the notable royals who have sought treatment there.

The Duchess of York, Sarah, underwent surgery and spent a number of days at the hospital during the summer.

In 2012, the Princess of Wales, Kate, received treatment at the hospital for severe morning sickness during her first pregnancy.

At that time, an Australian DJ called the hospital, obtaining and broadcasting details about the health of the then-Duchess of Cambridge.

The hospital was forced to issue an apology for the privacy violation.

Now, with the latest cyber threat, the royal family faces yet another challenge to safeguard their private medical information.

The cyberattack has prompted immediate action from the UK's intelligence agencies, with GCHQ and the police launching an investigation into the hacking group.

A spokesperson for the National Cyber Security Centre (NCSC) said, "We are engaging with King Edward VII's Hospital to understand the impact."

At this stage, however, there is only a certain amount the authorities can do if the data really has been stolen.

Former military intelligence colonel Philip Ingram pointed out that the stolen information could be duplicated and sold to other cybercrime gangs, exacerbating the national security risk.

"The difficulty is that the attack has already happened, and many of those high-profile clients will be taking risk mitigations themselves. To that extent the damage has been done," Ingram said.

The hospital confirmed the cyberattack last month, stating that it had taken immediate steps to mitigate the impact of the incident and had initiated an internal investigation.

While the hospital did not confirm the identity of the party behind the attack, it indicated that fewer than 1% of its patients were affected.

It said the affected individuals have been notified of the potential risk of data misuse.

Justin Vale, the hospital's chief executive, assured affected patients that immediate steps were taken to contain the incident, and a comprehensive investigation revealed that a small amount of data, including some personal health information, was copied.

"While this was primarily benign hospital systems data, a limited amount of patient information was copied," the hospital said.

The incident has added to concerns about the security of critical national assets. The NCSC recently issued a warning about the persistent threat posed to these assets by states and state-aligned groups.

Ransomware attacks, including the recent targeting of the British Library, were highlighted as a prominent threat.