NHS patient data published on the Dark Web

In a concerning development, a well-known ransomware collective known as INC Ransom has recently disclosed a portion of pilfered data linked to the UK’s National Health Service (NHS) on the obscure corners of the internet known as the dark web. Investigations into the matter have identified the compromised data as originating from NHS Dumfries and Galloway. Additionally, the group has declared its intention to release approximately 6 terabytes of data obtained from another healthcare entity based in Scotland.

Notably, the communication from the perpetrators also contains substantiating evidence indicating the authenticity of the disclosed information pertaining to the NHS board. The threat actors affiliated with INC Ransom ransomware have set forth demands for a ransom payment to be fulfilled by the first week of April this year.

The purloined data encompasses sensitive details including names, addresses, and medical histories of individuals associated with the British healthcare provider. Furthermore, the criminals have issued threats to vend this information to interested parties, including state-sponsored actors, if their demands are not met within a specified timeframe.

It is becoming increasingly common for cybercriminals to target the healthcare sector due to the lucrative nature of their extortion schemes. By exploiting vulnerabilities in healthcare systems, these perpetrators not only extort ransom payments from afflicted institutions but also leverage the personal information of patients for additional blackmailing opportunities.

Consequently, the profitability of such attacks has surged since 2021, prompting a concerning trend in cybercrime. Moreover, certain adversarial nations, such as North Korea, are known to enlist or train cybercriminals to conduct attacks on various targets including cryptocurrency exchanges, financial institutions, and manufacturing sectors. The proceeds from such illicit activities are often channeled into funding nefarious agendas such as the development of weaponry.

Implementing a blanket ban on digital currencies may prove ineffective as there lacks a centralized authority to oversee these transactions. Consequently, apprehending offenders engaged in such criminal activities poses a significant challenge for law enforcement agencies, particularly while the crimes are ongoing.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display