In a recent incident, the University of Manchester (UoM) experienced a ransomware attack that resulted in a data breach of over a million patients related to the NHS. The stolen data includes sensitive information such as NHS numbers, the first three letters of postal codes, and details of patients seeking treatment for major trauma and those affected by terror attacks. This breach has caused embarrassment to the staff of the university, as the data was being used for research purposes by some students.
It is unclear why the stolen information, which was stored on backup servers, remained unencrypted. Some sources from the university claim that the data was encrypted, but the hackers managed to break into the algorithm and access the information. Approximately 250 gigabytes of data were stolen, including information related to GP services.
The University of Manchester has not provided further details about the incident but has taken immediate action by contacting the Information Commissioner’s Office (ICO), the National Cyber Security Centre (NCSC), and the National Crime Agency to thoroughly investigate the breach. This incident highlights the increasing interest of cybercriminals in financial, educational, and healthcare information, as such data is in high demand on the dark web.
It is worth noting that the NHS has been in the news for data breaches and its apparent lack of seriousness in protecting patient and staff information. Despite claiming to have implemented proactive measures, the organization has consistently faced challenges in safeguarding data.
Key points:
1.
2. The University of Manchester experienced a ransomware attack resulting in a data breach of over a million NHS patient records.
3. The stolen data includes sensitive information such as NHS numbers and details of patients seeking treatment for major trauma and terror attacks.
4. It is unclear why the stolen information remained unencrypted, but the hackers managed to break into the encryption algorithm.
5. The university has contacted relevant authorities to investigate the breach, highlighting the increasing interest of cybercriminals in financial, educational, and healthcare information.