{"id":94745,"date":"2023-06-30T07:00:00","date_gmt":"2023-06-30T07:00:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=94745"},"modified":"2023-06-30T07:00:00","modified_gmt":"2023-06-30T07:00:00","slug":"nhs-data-stolen-in-manchester-uni-ransomware-attack","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=94745","title":{"rendered":"NHS data stolen in Manchester Uni ransomware attack"},"content":{"rendered":"
<\/div>\n

The cyber criminal organisation behind the developing ransomware attack on the University of Manchester<\/a> appears to have accessed and stolen personally identifiable information (PII) on over a million NHS patients whose data was held by the university for research purposes.<\/p>\n

According to The<\/em> Independent<\/i><\/a>, which was first to report the latest development, the dataset relates to trauma patients \u2013 including terror attack victims \u2013 treated at more than 200 hospitals, and the compromised information supposedly includes NHS numbers and the first three characters of patients\u2019 home postcodes.<\/p>\n

The university is said to have contacted NHS Trusts over the past few days to warn them of their potential exposure. It\u2019s understood that impacted patients may not have known their data had been shared, and so should be alert to follow-on attacks, phishing emails or contact from the ransomware gang \u2013 which has already been harassing Manchester students<\/a>.<\/p>\n

NHS England declined to comment on the story, while the University of Manchester did not confirm specific details of the incident.<\/p>\n

\u201cWe confirmed on 23 June that our systems have been accessed and student and alumni data has been copied,\u201d said a university spokesperson. \u201cIndividuals have been informed of this cyber incident, and offered support and advice to further protect their data.<\/p>\n

\u201cOur investigations into impact are ongoing and we are continuing to work with relevant authorities and partners, including the Information Commissioner\u2019s Office, the National Cyber Security Centre (NCSC), the National Crime Agency and other regulatory bodies.<\/p>\n

\u201cOur in-house data experts and external support are working around the clock to resolve this incident and respond to its impacts, and we are not able to comment further at this stage.\u201d<\/p>\n

\n

<\/i>Forensics experts<\/h3>\n

The attack on the University of Manchester\u2019s systems came to light earlier in June, and since then, it\u2019s been working with third-party forensics experts and organisations including the NCSC, National Crime Agency (NCA) and the Information Commissioner\u2019s Office (ICO) to establish its impact.<\/p>\n

Data that is confirmed to have been affected<\/a> includes information on students applying for student accommodation and information held on past alumni. The university said it has no evidence to suggest any banking or payment details were accessed.<\/p>\n

At the time of writing, its IT teams have successfully restored most of its systems<\/a>, although some issues are still occurring. Its GlobalProtect VPN service for remote and hybrid workers has been taken offline for all off-campus users, and is not expected to be restored for at least another month.<\/p>\n

Additionally, it is ramping up its data protection and cyber security training for staff, and has offered staff and postgraduate research students a year\u2019s subscription to Experian.<\/p>\n

The identity of the ransomware operator behind the attack remains undisclosed.<\/p>\n

Jake Moore, global cyber security advisor at ESET<\/a>: \u201cAny personally identifiable data stolen is worrying but when the data includes sensitive medical data, the level of concern is heightened. Ransomware attacks are more commonly turning out to be data releasing exercises and so, having data backed up is now no longer enough to withstand these attacks.<\/p>\n

\u201cOnce threat actors get their hands on crucial sensitive information, they can ransom the data for any value they wish. Unfortunately, the release of data into the internet oblivion is fast becoming the usual scenario.\u201d<\/p>\n

Check Point\u2019s<\/a> field chief information security officer (CISO), Deryck Mitchelson, who was formerly director of national digital and CISO at NHS National Services Scotland<\/a>, questioned why the university had access to PII on NHS patients.<\/p>\n

\u201cHow many other universities have this type of data stored on their own servers? Was the data obfuscated or de-identified? Where patient information is being used for research, there should be as much openness and transparency about that use as possible,\u201d he said.<\/p>\n

\u201cWas this the case? What safeguards did the university have in place around its research data? Are research data sets segmented from others? Is it fully encrypted at rest with key rotation in place. Is data access auditable? All of this opens up far more concerning conversations around data sharing between public and private organisations, which needs to be addressed.\u201d<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"

The cyber criminal organisation behind the developing ransomware attack on the University of Manchester appears to have accessed and stolen personally identifiable information (PII) on over a million NHS patients whose data was held by the university for research purposes. According to The Independent, which was first to report the latest development, the dataset relates […]<\/p>\n","protected":false},"author":1,"featured_media":94746,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-94745","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/94745","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=94745"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/94745\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/94746"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=94745"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=94745"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=94745"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}