Barts Health NHS Trust faces ransomware threats from Russian organisation BlackCat

The Russian ransomware group known as BlackCat or ALPHV has recently made a claim that it has successfully stolen seven terabytes of data from Barts Health National Health Service (NHS) Trust.

This claim was made by the gang itself through a post on its dark web data leaks site on June 30. In their announcement, BlackCat described it as the "largest healthcare system data breach in the UK".

Furthermore, BlackCat issued a threat to Barts Trust, stating that the organisation had three days to establish contact regarding the cyber attack and data theft. Failure to comply would result in the gang initiating the online publication of the stolen data, which is said to primarily consist of "confidential documents" belonging to individuals.

According to BlackCat, these documents contain personally identifiable information of both employees and clinicians associated with the Trust, including National Insurance Numbers (referred to as Social Security Numbers by the organisation).

In addition to personal data, the documents are claimed to contain financial information such as client documentation, credit card details, financial reports, accounting and loan data, as well as insurance agreements.

A spokesperson for Barts Trust confirmed that they were aware of the allegations made by BlackCat and that they were urgently investigating the claims.

The method used by BlackCat to obtain the data remains unclear. However, considering the disruptive and destructive nature of ransomware, it is unlikely that this specific threat vector was employed against Barts Trust. This incident serves as a wake-up call, shedding light on the vulnerabilities within the public sector and the urgent need for improved cybersecurity measures.

The ransomware attack on Barts Health NHS Trust is not an isolated event within the UK's public sector. In recent months, various organisations have fallen victim to cyberattacks. The University of Manchester, for instance, experienced a ransomware attack resulting in the breach of an NHS dataset containing information on 1.1 million patients across 200 hospitals.

The spokesperson of the university, Ben Robinson, said: "The university experienced a security incident that led to the exfiltration of data from its systems."

However, he denied commenting on the reported theft of NHS data.

He added: "We confirmed on June 23 that our systems have been accessed and student and alumni data has been copied. Individuals have been informed of this cyber incident and offered support and advice to further protect their data. Our in-house data experts and external support are working around the clock to resolve this incident and respond to its impacts, and we are not able to comment further at this stage."

Furthermore, the University of the West of Scotland and Ofcom, the UK's communications regulator, have reported ongoing cyber incidents.

Apart from this, a number of organisations impacted by the mass hacks exploiting a security flaw in the MOVEit file transfer tool, including energy giant Shell and US-based First Merchants Bank, have confirmed that hackers accessed sensitive data.

Clop, the Russia-linked ransomware group, which has claimed responsibility for the mass MOVEit hacks, claims on its dark web leak site that it published Shell's data after the company refused to negotiate. At the time of writing, links to the published data appear to be broken.

In May 2017, the NHS encountered one of its most significant ransomware attacks when the WannaCry ransomware worm infiltrated its systems. This widespread attack had a global impact, affecting over 300,000 computers. Within the NHS in England and Scotland, approximately 70,000 devices, ranging from computers to critical medical equipment such as theatre equipment, MRI scanners, and blood-storage refrigerators, fell victim to the malicious malware.

The ransomware attack on Barts Health NHS Trust and the wider cybersecurity challenges confronting the public sector in the UK highlight the critical importance of enhancing cybersecurity measures. It is imperative to take proactive steps to bolster security infrastructure, raise employee awareness about cyber threats, and foster collaboration among stakeholders.

These measures are essential to effectively protect sensitive data and maintain public trust in the face of evolving cybersecurity risks.