The UK government is considering a potential response to the ransomware attack on pathology lab services provider Synnovis by Russian hacking group Qilin. The news comes after QLIN reportedly obtained the records of 300 million patient interactions with the NHS, containing sensitive information such as HIV and cancer blood test results. In a further blow, patients may have to wait up to six months to have their blood sample taken.
The incident has prompted discussions between the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) regarding possible actions, such as assessing the extent of the breach and removing the data. However, cybersecurity experts have raised concerns about the effectiveness of such an operation if the hackers have already disseminated the stolen information elsewhere.
Meanwhile, the NHS has setup a dedicated helpline to provide support and answer inquiries from worried patients. They have advised individuals who may have been affected by the breach not to reach out to their local healthcare providers for information, as these establishments do not possess the relevant details.
In a statement responding to the news, the Information Commissioner's Office (ICO) said: "While we are continuing to make enquiries into this matter, we recognise the sensitivity of some of the information in question and the worry this may have caused."
"We would urge anyone concerned about how their data has been handled to check our website for advice and support, as well as visiting NHS England's website."
In an update on Monday, The Guardian revealed that the NHS has confirmed the data published online was stolen from the NHS third-party provider, Synnovis. The NHS also suggested that it could take weeks to understand who has been affected by the data breach.
In a statement, NHS England said: "NHS England continues to work with Synnovis and the National Crime Agency to respond to the criminal ransomware attack on Synnovis systems. Synnovis has now confirmed through an initial analysis that the data published by a cybercrime group has been stolen from some of their systems."
"We understand people may be concerned by this, and Synnovis are working at pace to carry out the further analysis required to understand the full scale and nature of the data released and patients impacted.
"At present, Synnovis has confirmed there is no evidence the cybercriminals have published a copy of the database (Laboratory Information Management System) where patient test requests and results are stored, although their investigations are ongoing."
On Tuesday, The Register reported that law enforcement agencies in the UK and US are working together to find Qulin, which operates globally and is understood to have support from the Russian government.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.