Hacking gang BlackCat says it stole data trove from UK hospital group

News By Daniel Michan Published on July 1, 2023

A group of cybercriminals has announced that they have successfully breached one of the largest hospital groups in the United Kingdom. 

The gang, known as ALPHV or BlackCat, posted a statement on Friday claiming it had obtained seven terabytes of internal documents from the Barts Health NHS Trust. This trust manages five major hospitals in London that provide care for approximately 2.5 million people.

It is important to note that ALPHV is known for using ransomware, malicious software that encrypts a victim's computer and demands payment for decryption. 

However, hacking gangs are shifting towards stealing data and threatening to publish it unless paid. It is currently unclear whether the gang has deployed ransomware on the computers at Barts Health NHS Trust. 

The trust includes St. Bartholomew's, the Royal London, Mile End, Whipps Cross, and Newham hospitals. A spokesperson from Barts Health stated on Friday that they are aware of claims regarding a ransomware attack and are conducting an urgent investigation.

According to Brett Callow, a threat analyst at cybersecurity firm Emsisoft, early indications suggest that the gang has yet to deploy ransomware in this case. If ransomware had been used, it would likely have caused noticeable disruption and potentially significant damage. Callow also suggests that Barts Health may have either detected and blocked the encryption part of the attack or that ALPHV chose not to use its typical ransomware approach.

The hackers behind ALPHV published a selection of stolen files from Barts Health, including employees' driving licenses and passports and internal emails marked confidential. On their dark web page, written in broken English, the hackers claimed this data haul from Barts Health as "the most significant leak from the healthcare system in the UK."

These ALPHV hackers communicate primarily in Russian and have been active since November 2021. They target a wide range of companies across various sectors, as highlighted in a report by Unit 42, the cybersecurity team at Palo Alto Networks Inc. The targeted sectors include construction, engineering, retail, transportation, commercial services, insurance, telecommunications, and pharmaceuticals. According to a report, the gang has been observed recruiting "affiliates" on cybercrime forums to rent out their ransomware to hack companies and organizations. They have previously targeted and disrupted Germany's fuel distribution system by hacking firms like Mabanaft GmbH and Oiltanking GmbH Group. Additionally, they claimed responsibility for a hack that targeted Italy's GSE energy agency.

The UK's National Health Service has also faced significant cyberattack disruption. In 2017, numerous hospitals were affected by the spread of WannaCry ransomware, resulting in thousands of appointments and operations being canceled. This information is detailed in a report on that specific incident. Furthermore, last year in August, an attack on Advanced, a software provider for the NHS, caused disruptions to certain patient services that lasted for weeks.