Advanced, the IT services provider of NHS has confirmed that a ransomware attack on its servers that took place in August this year led to data breach. However, the firm isn’t prepared yet to confirm the leak of patient data in the attack.
A news resource that only covers details related to the healthcare sector has confirmed that data related to 16 of StaffPlan and Caresys customers were accessed and stolen by hackers.
Lockbit 3.0 ransomware group is suspected to be behind the incident as the ransom note claims its presence so.
NHS Services were deeply disrupted across UK on August 4th with the malware attack and it took quite some time for the IT staff to recover digitally services like ambulance dispatching, doctor references to patient records & treatment and Carenotes used by doctors to access mental health condition of patients.
Senior staff members have confirmed that they did not pay any ransom to the hackers and instead used a disaster recovery plan.
Microsoft and Mandiant (now a business subsidiary of Google) acted as first incident responders and discovered that LockBit 3.0, a ransomware-as-a-service, infiltrated Advanced Computer Network through a Citrix Server vulnerability.
CommonSpirit, a healthcare provider from Chicago operating about 142 hospitals and 2,200 care sites in over 21 states, was also hit by file encrypting malware recently. The non-profit organization admitted that its subsidiaries felt minimal impact on their functioning on October 7th,2022 and restoration to full operational capacity was underway.
For the past two years, hackers are seen targeting healthcare companies as often such companies pay ransom to free up their patient data from leaking online. However, the ransomware spreading groups involved in double-extortion are seen targeting the same victims twice or thrice a year and this suggests that paying ransom will definitely encourage the said crime.
