Cybercrime
,
Fraud Management & Cybercrime
,
Governance & Risk Management
NHS Patient Data, Student, Alumni Records Compromised at University of Manchester
The sensitive personal information of about 1.1 million National Health Service patients including trauma patients and victims of terrorism is reportedly among data compromised in a recent cyberattack on the United Kingdom’s University of Manchester. The hacking incident also affected students and alumni.
See Also: Live Webinar | The Secret Sauce to Secrets Management
A “criminal entity” accessed and copied the data in an attack discovered the week of June 6, the university said in an updated statement on Thursday (see: Breach Roundup: More MOVEit Victims, Including US Government).
The compromised NHS data includes records of major trauma patients across England and individuals treated after terror attacks, which the university collected for research purposes, according to media outlet The Independent on Thursday.
Student and alumni information affected by the attack includes names, contacts, addresses, university IDs and demographic data, the university said (see: Breach Roundup: More MOVEit Victims, Including U.S. Government).
The Independent said it had viewed an NHS document containing an analysis of the incident showing that the university’s backup servers and about 250 gigabytes of data were accessed in the attack.
Neither the NHS nor the University of Manchester immediately responded to Information Security Media Group’s requests for comment and for details involving the attack and data breach.
Ongoing Disruptions
So far, the university said, it has not found evidence suggesting that bank or payment details were compromised in the incident. “However, you should contact your bank for advice if you are concerned,” the school advised students and alumni.
The university said it is still dealing with IT system disruptions as it recovers from the attack.
“Access to the GlobalProtect VPN service off campus has been temporarily removed. It is not expected to be made available again before August 2023,” the university said on its website Wednesday.
“Colleagues who work remotely may not be able to access some of the systems they need to perform their role. The VPN service is available on campus only.”
The university’s accommodation system for student housing also are still affected.
“You cannot make an application at this current moment in time. Please keep checking our website regularly for further updates,” the university’s website says. “While we don’t have a confirmed date when the accommodation system will be available, we hope to be able to accept applications again very soon.”
The university said it is working with various government entities in the aftermath of the incident, including the Information Commissioner’s Office, the National Cyber Security Center, the National Crime Agency and other regulatory bodies.
Experts say universities and healthcare sector entities across the globe have been prime targets for cybercriminals in recent years.
“Post-secondary schools have been a popular target for ransomware actors since 2019, with at least 52 U.S. institutions having been hit this year alone,” said Brett Callow, a threat analyst at security firm Emsisoft.
These entities are a popular target because cybercriminals have found attacks on the sector to be profitable, he said.
“The only way to solve this problem – and ransomware generally – is to alter the risk/reward ratio. In other words, there needs to be more bad guys prosecuted and fewer organizations paying ransoms.”
In the United Kingdom, ransomware-as-a-service group BlackCat in February dumped more than 6 gigabytes of information stolen from Ireland’s Munster Technological University on the dark web (see: BlackCat Leaks Data Belonging to Irish University).
The NHS also has been a victim of cyberattacks. Last August, an attack on one of its technology providers resulted in several weeks of disruptions for Britain’s public health system, including its NHS 111 services (see: Ransomware Attack Caused NHS IT Outage, Says Vendor).
The University of Manchester has not publicly disclosed the cybercriminal group believed to be behind the attack.