NHS details of more than a million patients have been compromised in a cyberattack, senior health chiefs have been warned.
A recent ransomware attack on the University of Manchester affected an NHS patient dataset that holds information on 1.1 million patients across 200 hospitals, according to a report in The Independent.
Among the details potentially exposed are NHS numbers and the first three letters of patients’ postcodes. The information is believed to include records of major trauma patients across the country and people treated after terror attacks, which was gathered by the university for research purposes.
In its warning to health officials, the university said it did not know how many patients were affected or whether names had also been hacked.
Responding to the leak, Suid Adeyanju, CEO, RiverSafe, warned: “Cybercriminals will continuously target critical national infrastructure like the NHS with ransomware attacks in an effort to steal confidential patient data. Tackling this threat requires not only the latest cyber protection technology but ensuring that all staff are properly trained about the dangers of phishing emails and online scams used to gain access to these systems.
“The rising tide of cyberattacks is set to continue indefinitely, so getting a grip on the steps needed to secure data and minimise risk should be a top priority for the NHS,” added Adeyanju.
An NHS document seen by The Independent said specialist analysis had shown the university’s backup servers were accessed, but it is not known who was behind the attack.
As a result of the incident, NHS chiefs were warned by UoM that there is ‘potential for NHS data to be made available in the public domain’ and the dataset has since been closed.
Some patients will not know they are on the database, launched in 2012, as they did not need to give consent to be recorded on it.
According to an investigation carried out by the university, analysis suggests around 250 gigabytes of its data was accessed.