A ransomware attack on the University of Manchester has exposed the details of 1.1 million NHS patients from across 200 hospitals.
According to The Independent, information about major trauma patients was collected by the university for research purposes, and includes details of patients from across the UK. It is believed that NHS patient numbers have been leaked, as well as parts of their postcodes.
An internal investigation suggests that as much as 250GB of information was accessed during the breach by un unknown actor.
NHS data at risk
The database was launched in 2012 and contains more than a decade’s worth of patient data. It’s unclear how much of this was accessed at present, but NHS chiefs have been warned of the “potential for NHS data to be made available in the public domain.”
A University of Manchester spokesperson told The Independent:
“We confirmed on 23 June that our systems have been accessed and student and alumni data has been copied. Individuals have been informed of this cyber incident and offered support and advice to further protect their data.”
The spokesperson confirmed that the university is collaborating with partners like the Information Commissioner’s Office, the National Cyber Security Centre (NCSC), the National Crime Agency, and other authorities and regulatory bodies, as it seeks to address the leak.
While details of the threat actor behind the attack are currently scarce, the incident looks not to be connected to the MOVEit file transfer service which has been hacked in recent weeks, causing headaches for tens of organizations and bodies across the globe.
The NHS has not yet made a public comment on the breach and is likely waiting to live out the investigation ahead of notifying potential victims.