The British media outlet The Independent reported a cyber attack that leaked the data of over a million NHS patients.
The incident, described as a ransomware attack, impacted the University of Manchester (UoM), which holds information on 1.1 million patients across 200 hospitals.
UoM is working with relevant authorities to resolve the incident, but warned that the exposed patient data could become publicly available.
University of Manchester cyber attack leaked 250 GB of NHS patient data
The Independent reported that the leaked patient data included NHS numbers and the first three letters of patients’ postcodes. Approximately 250 gigabytes of patient data were accessed from the database that was launched in 2012.
The trove included patient data of major trauma patients and terror attack victims and was gathered by the university for research purposes.
Some potentially impacted patients did not consent to provide the information and might be unaware of the breach. UoM had yet to determine whether the cyber attack leaked the patients’ names, and how many people were potentially affected.
Although the UoM has secured the compromised database, it warned NHS chiefs that there was a “potential for NHS data to be made available in the public domain.”
The identity of the threat actors behind the ransomware attack on the University of Manchester remains a mystery. However, The Independent confirmed that the cyber attack compromised the institution’s backup server.
Meanwhile, The University of Manchester is “working with the relevant authorities, including the Information Commissioner’s Office, the National Cyber Security Centre (NCSC), the National Crime Agency, and other regulatory bodies” to address the cyber incident.
The Information Commissioner’s Office is also investigating the University of Manchester cyber attack. The NHS has yet to respond publicly to the cyber attack, but the UoM’s data security experts were reportedly working relentlessly to resolve the incident and mitigate its impacts.
Although the data breach source remains unclear, the university has removed access to the GlobalProtect VPN service. However, other IT services remain largely unaffected.
Cybercriminals have frequently targeted the NHS and its IT partners
This is hardly the first time hackers have targeted the NHS and its IT partner institutions. On August 5, 2022, a cyber attack disrupted access to patient data across various systems, leading to improper assessment and wrong prescriptions.
The incident that impacted the UoM started on June 5, 2023, and leaked student and alumni data, including their names, contact details, gender, dates of birth, university ID numbers, and fee statuses.
Although financial details were not exposed, the university offered postgraduate research students 12 months of complimentary identity theft protection with Experian. Staff members and students have reportedly received emails from individuals threatening to sell their data online.
UK education institutions are also prime targets, with at least three-quarters (78%) recording cyber attacks between 2019 and 2022, according to an audit report by the National Cyber Security Centre (NCSC) and the National Grid for Learning (LGfL).
Similarly, a July 2022 report by cybersecurity firm Sophos found that 56% of lower education institutions and 64% of higher education institutions suffered a ransomware attack the previous year.
The UoM cyber attack raises serious questions about NHS England’s IT partners’ cybersecurity and data collection practices, and the reasons for sharing patient data with a private learning institution.