UK’s Healthcare System Under Siege as Ransomware Gang Claims ‘Biggest Ever’ Breach

The largest NHS trust in the United Kingdom, Barts Health NHS Trust, was recently hit by a ransomware attack. The ALPHV, or BlackCat, ransomware gang recently went after the trust, which runs five hospitals in London and cares for over 2.5 million patients. The group claims to have stolen 70 terabytes of data, making this the largest data breach in the history of the healthcare industry in the United Kingdom.

Some of the sensitive information that was stolen and posted on a dark web leak site includes employee identification documents like passports and driver’s licenses and internal emails labeled “confidential.” While the full scope of the breach has yet to be disclosed, it is deeply concerning that such sensitive information may have been compromised.

The security breach has been acknowledged by Barts Health NHS Trust, and they are currently conducting an investigation. The trust, however, has not challenged ALPHV’s claims about the missing information. The UK’s cybersecurity agency, the National Cyber Security Centre, is also contributing to the probe. There is an immediate need for improved cybersecurity measures in the healthcare sector, as evidenced by the incident at Barts Health NHS Trust, the second breach of NHS data in recent weeks.

The University of Manchester Ransomware Attack

The University of Manchester was also the target of a ransomware attack in June, joining the likes of Barts Health NHS Trust. A dataset containing information on 1.1 million patients from 200 hospitals in the NHS was stolen from a university and used in a hacking attack. Patients’ NHS numbers and the first three letters of their postcodes were among the data that was compromised.

The University of Manchester has confirmed the security breach and the loss of data, but it has remained silent on the rumored theft of NHS records. The university has promised those whose data was compromised that they will help them take precautions. The National Cyber Security Centre is looking into the hack, which should tell you something about how serious the breach is and how badly the education sector needs to step up its cybersecurity game.

Cyberattacks in the U.K. Public Sector

Two recent examples of cyberattacks against U.K. public sector institutions are the attacks on Barts Health NHS Trust and the University of Manchester. There has been a spate of cyber incidents in the public sector in recent months, revealing flaws in essential institutions.

Ofcom, the United Kingdom’s communications regulator, admitted that it had been breached by the Clop ransomware gang, which had exploited a vulnerability in Progress Software’s MOVEit Transfer managed file transfer service on a massive scale. This incident emphasizes the significance of keeping software up-to-date and patched to avoid security flaws.

Limited information suggests that the University of the West of Scotland (UWS) has also reported a cyber incident that is still ongoing. The attack on UWS highlights the importance of all educational institutions implementing proactive cybersecurity measures and incident response protocols.

In May, a ransomware attack crippled British outsourcing giant Capita, making it one of the most significant cyber incidents in the UK government sector. More than 90 businesses had their security compromised, and the Black Basta ransomware group claimed responsibility for the attack. Nearly 500,000 members of the Universities Superannuation Scheme (USS), the largest private pension provider in the United Kingdom, had their personal information compromised due to a security breach.

Uncomfortably, Capita has acknowledged that the cyberattack affected its own pension fund. The company informed its employees that a data breach had exposed some of their private information. Cybersecurity measures, such as regular security audits and employee training, are essential in light of the recent incident.

When it was discovered that Capita had left a trove of data exposed online for seven years, the company experienced a second security incident. Comprehensive data protection measures, such as secure data storage and regular vulnerability assessments, are essential in light of this incident.

The recent cyberattacks on UK government institutions highlight the critical importance of bolstering the country’s cybersecurity measures. These assaults emphasize the need for preventative security measures and constant vigilance in light of the vulnerabilities that exist in vital institutions.

Preventing Future Cyberattacks in the U.K.

A combination of strategies is needed to counter the growing number of cyberattacks in the United Kingdom. Important measures to improve cybersecurity and lessen the likelihood of future attacks include the following:

1. Organizations should invest in strong security measures by making cybersecurity a top priority and providing sufficient resources for its implementation. Firewalls, anti-virus programs, and IDSs should all be set up and kept up to date.
2. Train Personnel: Employee ignorance is a major contributor to cybersecurity breaches. Educating workers on the most prevalent cyber threats and providing them with instruction in data security best practices should be a top priority for any organization.
3. You should use multi-factor authentication because it improves security by making it so that users have to provide more than one form of identification before being granted access. This can significantly lessen the possibility of malicious actors gaining access to private data.
4. Cybercriminals frequently take advantage of security holes in software, so it’s important to regularly patch and update it. Patching and updating software on a regular basis is essential for minimizing security risks.
5. Conduct Security Audits on a Regular Basis: Performing security audits on a regular basis can help identify weak points in a company’s infrastructure. Organizations can take preventative measures against security breaches by undergoing these audits.
6. Data encryption is a crucial tool for safeguarding private information. If information is encrypted, it can’t be read by an unauthorized party even if it’s stolen.
7. Consistently backing up data is essential for quick restoration after a cyberattack. When it comes to protecting and restoring mission-critical data, organizations should use automated backup systems.
8. Create an Incident Response Plan: Having a clear strategy for handling and minimizing the effects of a cyberattack is crucial. The steps to be taken in the event of a breach and the roles of key personnel should be spelled out in detail in this plan.

U.K. government agencies and nonprofits can better protect themselves from cyber threats by implementing these practices. A secure and resilient cyber landscape can only be achieved through the combined efforts of all stakeholders, including government agencies, public institutions, and private organizations.

The United Kingdom must prioritize cybersecurity and take preventative measures to safeguard vital infrastructure and private data from the ever-increasing frequency and sophistication of cyberattacks. The United Kingdom can protect its public sector from future cyber threats by investing in robust security measures, educating employees, and implementing best practices.

First reported on TechCrunch

The post UK’s Healthcare System Under Siege as Ransomware Gang Claims ‘Biggest Ever’ Breach appeared first on ReadWrite.

ReadWrite

Deanna Ritchie

Managing Editor at ReadWrite

Deanna is the Managing Editor at ReadWrite. Previously she worked as the Editor in Chief for Startup Grind and has over 20+ years of experience in content management and content development.

(21)