A notorious hacking gang known as ALPHV, or BlackCat, has announced that it successfully infiltrated one of the UK’s largest hospital groups, threatening to expose a vast collection of confidential data. The gang’s statement revealed that it had gained unauthorised access to seven terabytes of internal documents belonging to the Barts Health NHS Trust, responsible for managing five hospitals in London, serving approximately 2.5 million individuals.
According to a Bloomberg report, ALPHV has gained notoriety for deploying ransomware, a malicious software that encrypts victims’ computers, rendering them unusable until a ransom is paid. However, the recent trend among hacking groups involves stealing data without deploying ransomware, but subsequently demanding payment to prevent the publication of the stolen information.
Currently, it remains unclear whether the gang resorted to their ransomware tactics on the computers within the London hospitals, namely St. Bartholomew’s, the Royal London, Mile End, Whipps Cross, and Newham.
Brett Callow, a threat analyst at the cybersecurity firm Emsisoft, indicated that initial signs suggested ransomware had not yet been deployed by the gang.
“Had ransomware been deployed, the disruption would likely have been noticeable - and possibly very significant,” Callow said, as quoted in a Bloomberg report. “The gang may have chosen not to use its ransomware, or Barts detected and blocked the encryption part of the attack.”
ALPHV released a selection of files obtained from Barts Health, including confidential internal emails, correspondence, and copies of employees’ driving licenses and passports. In a statement on its dark web page written in broken English, ALPHV claimed that the haul of data from Barts Health represented the “most bigger leak from health care system in UK”.
ALPHV has been active since November 2021, targeting numerous companies across diverse sectors such as construction, engineering, retail, transportation, commercial services, insurance, telecommunications, and pharmaceuticals.
A report by Unit 42, a cybersecurity team at Palo Alto Networks Inc., revealed that the gang recruits “affiliates” on cybercrime forums, effectively renting out its ransomware to facilitate attacks on companies and organisations.
The UK’s National Health Service (NHS) has faced significant disruption due to cyberattacks in the past. In 2017, a widespread ransomware named WannaCry affected numerous hospitals, leading to the cancellation of countless appointments and operations. Last year, an attack on Advanced, a software provider for the NHS, disrupted certain patient services for weeks.
“We are aware of claims of a ransomware attack and are urgently investigating,” a spokesperson for the Barts Health said, according to Bloomberg.
Have something to say about this story? Leave a comment below and share your thoughts.