[BreachExchange] Russian cyber gang dumps NHS records on the 'dark web': Highly sensitive medical documents are leaked online after hackers' £3million Bitcoin ransom is rejected

[Terrell Byrd]

https://www.dailymail.co.uk/news/article-10225281/Highly-sensitive-medical-documents-leaked-online-hackers-3million-Bitcoin-ransom-rejected.html

Highly sensitive medical records including details of abortions, HIV tests
and mental health issues have been leaked online after a major cyber attack.

Russian hackers targeted Stor-A-File, a British data storage company whose
clients include GP practices, NHS hospital trusts, local councils, law
firms and accountants.

The gang demanded a £3million ransom in Bitcoin cryptocurrency, but when
Stor-A-File refused, the hackers dumped tens of thousands of files on to
the ‘dark web’, a secretive part of the internet used by criminals and
terrorists.

The documents carry details of British women who have had abortions at
clinics run by Marie Stopes and British Pregnancy Advisory Service (BPAS),
including names, dates of birth, home addresses, phone numbers and even
scans of foetuses.

Other stolen records involve those suffering with anorexia, addiction and
erectile dysfunction.

It is understood the NHS records come from GP practices and no NHS trusts
lost data in the attack.

The hacking gang, known as Clop or Fancycat, claim the stolen files also
contain the names of British military personnel in Kuwait and people who
work in military intelligence, although this could not be verified.

The Ministry of Defence said it was unable to comment while an
investigation was under way.

The Information Commissioner’s Office, which can impose multi-million pound
fines on companies that fail to keep customers’ data secure, is also
investigating, as is the National Crime Agency.

Philip Ingram, a former colonel in British military intelligence, said:
‘Private medical data, including deeply personal information relating to
women’s abortions records, is the most shocking and awful breach you could
imagine.

'It shows again that these hacking gangs really don’t care who they hurt.’

Stor-A-File employs 90 staff and was established in 1977 by husband and
wife Simon and Helen Cockbill.

The firm discovered the attack on September 2 when staff were unable to log
on to their computers and messages appeared on screens demanding that $4
million in Bitcoin be wired or material would be leaked.

A Stor-A-File spokesman said: ‘We believe it is irresponsible to deal with
criminals and will only serve to perpetuate this kind of activity. Police
advised not to, under any circumstances.’

The spokesman added: ‘Our clients were informed once it had been
established any of their data may have been compromised.

‘The National Crime Agency has been offering support and advice to some of
those affected by this incident. We deeply regret any concern that may have
been caused.’

Police believe Clop has also laundered £370 million of criminal money.

Spokesmen for Marie Stopes clinics and BPAS said they had contacted all of
the patients whose details had been leaked by the hackers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20211122/ceb5c50b/attachment.html>