CyberSecurity news
FlagThis - #healthcaresecurity
|
Dissent@DataBreaches.Net
//
The Qilin ransomware group's cyberattack on Synnovis, an NHS vendor, has had a devastating impact, directly harming 170 patients. The attack, which occurred sometime before June 18, 2025, led to the cancellation of over 10,000 appointments across two London NHS trusts. Additionally, numerous GP practices in London faced disruptions in their ability to order blood tests for patients, further compounding the healthcare crisis. The severity of the harm varied, with one case classified as "severe," 14 as "moderate," and the remaining cases categorized as "low harm."
This recent report updates earlier estimates from January 2025, which had reported two cases of major harm, 11 cases of moderate harm, and over 120 cases of minor harm. The continued impact highlights the vulnerability of healthcare infrastructure to cyber threats and the potential for patient care to be severely compromised. The attack on Synnovis underscores the critical need for robust cybersecurity measures within the healthcare sector, especially among third-party vendors that handle sensitive patient data. Qilin is rapidly ascending in the ransomware landscape amid the decline of other major players such as RansomHub and LockBit. A recent report from the Cybereason Security Services Team highlights a "turbulent realignment" within the ransomware world. This shift is driven by factors like unexpected takeovers, public defacements, and leaks of critical infrastructure data. MKA Accountants, an Australian accounting firm, has also confirmed a Qilin ransomware attack, where the gang published internal documents and financial statements. This incident highlights Qilin's broad targeting scope and increasing prominence as a full-service cybercrime platform.
Share:
References :
Classification:
Pauline Dornig@it-daily.net
//
The ransomware group Interlock has claimed responsibility for the recent cyberattack on Kettering Health, a US healthcare organization comprised of hospitals, clinics, and medical centers in Ohio. The attack, which initially disrupted the healthcare system on May 20th, forced the shutdown of all computer systems and has left Kettering Health struggling to fully recover over two weeks later. CNN first reported on Interlock’s involvement in the breach, but at the time, the group had not publicly taken credit, leading to speculation that ransom negotiations might be underway. However, Interlock has now come forward, potentially indicating that negotiations with Kettering Health have been unsuccessful.
Interlock announced its involvement by posting alleged stolen data on its dark web site, claiming to have exfiltrated over 940 gigabytes of data from Kettering Health’s internal network. A preliminary review of the posted files indicates that the stolen data includes sensitive private health information, such as patient names, patient numbers, and detailed clinical summaries. These summaries contain sensitive information including mental status assessments, medication lists, health concerns, and other specific details about patients' medical conditions. The stolen data also encompasses employee information and the contents of shared drives, raising concerns about further potential privacy breaches. The cyberattack has severely impacted Kettering Health's operations. Since the initial breach, numerous medical procedures have been canceled or postponed, forcing healthcare professionals to revert to paper-based documentation. This digital standstill has significantly affected clinical care for approximately 1.5 million patients annually. While Kettering Health has reported progress in restoring its systems, including bringing the electronic health record (EHR) system "Epic" back online with the help of around 200 employees, the full extent of the damage and the long-term consequences of the data breach are still unfolding.
Share:
References :
Classification:
|