Ransomware threat actors dump NHS records on the ‘dark web’: Highly sensitive medical documents are leaked online after hackers’ £3million Bitcoin ransom is rejected

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Last week, this site reported that a U.K. fertility clinic had been impacted by an attack on Stor-a-File, their document scanning vendor.  This week, there was more bad news for Stor-A-File clients. Michael Powell, Molly Clayton, and Kevin O’Sullivan report that Clop threat actors have dumped sensitive files on their dark web leak site when Stor-A-File did not pay their £3million ransom demand.

The files reportedly include “highly sensitive medical records including details of abortions, HIV tests and mental health issues.”

NHS records are believed to come from GP practices and not from NHS trusts.

Of note, the documents reportedly carry details of British women who have had abortions at clinics run by Marie Stopes and British Pregnancy Advisory Service (BPAS), including names, dates of birth, home addresses, phone numbers and even scans of foetuses.

This is not the first breach involving BPAS. DataBreaches.net reported on a breach of their system back in 2012. BPAS was fined for that breach by the ICO in 2014, and the perpetrator confessed and was sentenced to jail. In this case, though, this was an attack on their vendor, not on them directly. Will any of Stor-A-File’s clients be found responsible in any way for this incident? Was there anything they could have done or should have done that they didn’t do? Eventually, I expect we will see a report on the Stor-A-File matter.

For now, though, thousands of patients have had their sensitive information just dumped on the dark web through no fault of their own.

Read more on Daily Mail.

For its part, Clop claims on its site that it never attacks certain types of entities:

We have never attacked hospitals, orphanages, nursing homes, charitable foundations, and we will not.
Commercial pharmaceutical organizations are not eligible for this list;
they are the only ones who benefit from the current pandemic.
If an attack mistakenly occurs on one of the foregoing organizations, we will provide the decryptor for free, apologize and help fix the vulnerabilities.

Apparently that doesn’t include vendors for medical facilities?

Clop Notice
Image: DataBreaches.net

Read the article