Qilin Ransomware Attack – What You Need to Know

We briefly talk about the latest data breach to hit the headlines – the Qilin NHS ransomware attack – and what this means to you.

Firstly, what happened?

Well, in early June 2024, an NHS provider called Synnovis got hacked, and lots of patient data got stolen. Not only that, but the attackers responsible – a Russia-linked hacker group called Qilin – installed ransomware on the IT systems of Synnovis, leading to massive disruption including thousands of cancelled operations and tests at several London hospitals.

For the uninitiated, ransomware is malware that encrypts important files on a computer system, and you can only get that encrypted data back if you pay up for a decryption key. Even removing the ransomware infection won’t get your encrypted files back. It has been reported that Qilin were asking for a hefty £40 million payday.

Usually hacker groups demand money from their victims to stop stolen data from being released, and for a decryption key for encrypted files. It’s not particularly clear if any of that happened, especially since the Qilin group say the attack was actually politically motivated, not financially motivated (a claim to which may have expressed skepticism). Either way, it’s doubtful any money was sent to the hackers since the personal data of NHS patients has winded its way up on the Dark Net.

It’s already been called one of the worst ransomware attacks to affect the UK, due in part because it has resulted in thousands of operations and tests being cancelled, as well as the large trove of patient data to have been leaked online.


Sponsored Content. Continued below…




What was stolen?

In a 400GB treasure trove of stolen information, it has been reported that the leaked patient data includes –

  • Patients names
  • Birthdates
  • NHS numbers
  • Blood test details

However, the exact nature of the leaked information and its authenticity is still being evaluated, which means no one knows currently if their information was involved in this data breach and exactly what was leaked.

What happens now?

The idea that your personal data including details about blood tests have been leaked online and could now be in the hands of online criminals isn’t a nice one.

As with any data breach where individual data is leaked online, the danger is that cyber-crooks will use that information to create targeted attempts to scam people (called spear-phishing) .

It’s not immediately clear exactly how scammers will use this information against victims, but examples could include scam phishing emails purporting to be from the NHS. These scam emails could use stolen details about a recipient to make the email appear more convincing, such as a recipient’s name and NHS number. These emails then could link to spoof NHS webpages that will trick visitors into handing over even more information about themselves, including financial data.

As always, be cautious when you received unsolicited emails, texts or phone calls, even if they appear to already know your name and NHS number. If in doubt, don’t respond, and contact the NHS (or relevant entity) directly using your existing paperwork and contact details.

And remember to keep yourself in the loop when it comes to cybersecurity. We [and others] will report on any specific instances of scammers trying to exploit this data breach.