London hospital attackers started leaking blood test data

Cybercriminals behind attacks disrupting at least five London hospitals leaked nearly 400 gigabytes of data, which reportedly included blood test information.

Qilin ransomware started leaking data stolen from England National Health Service (NHS) partner Synnovis labs. According to reports from the BBC, the data includes patient names, dates of birth, NHS numbers, descriptions of blood tests, and other information.

Earlier this month, the Qilin ransomware triggered a halt on critical services at five NHS hospitals in UK capital London. The extent of the attack later ballooned to impact thousands of hospital and general practitioner (GP) appointments.

According to a statement NHS England shared with British media, the organization was aware that the attackers published data supposedly stolen from Synnovis. According to Skynews, over 320 planned operations and 1,294 outpatient appointments were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust.

The ransomware attack knocked out Synnovis’ networks. The company runs over a hundred specialized labs in London, offering testing and diagnostics for dozens of conditions, from diabetes, genetics, and neuropathy to blood transfusions, immunology, and oncology, according to its website.

The Qilin ransomware gang was first spotted in 2022 after it targeted organizations via phishing emails. According to a report from the cybersecurity firm Group-IB, Qilin operates similarly to other ransomware cartels where affiliates share ransom payments with the gang’s leaders.

Cybernews’ ransomware monitoring tool, Ransomlooker, shows that Qilin has been among the more active cartels, victimizing at least 72 organizations in 2024.