Staff at one of the UK’s largest hospital groups have spent a nervous week wondering if private data, stolen from their employer’s IT systems by a ransomware gang, is going to be splurged online after a deadline to prevent publication passed.
The theft was confirmed by Barts Health NHS Trust, which said it was “urgently investigating” the raid.
Some personally identifiable information belong to workers has already been leaked by the ransomware gang on its website as proof of the intrusion and exfiltration, including people’s financial details, CVs, and copies of passports and driving licenses. It’s not clear if or how much patient or medical data is involved. As one of hundreds of NHS trusts in the country, Barts manages five hospitals in the capital and says it serves about 2.5 million people.
The criminals behind the attack are the notorious BlackCat crew, aka AlphaV, who have lately made a habit of going after healthcare providers in search of sensitive data.
BlackCat, linked to the DarkSide Russian squad, is a so-called triple extortion operation. In its early days, it offered ransomware-as-a-service: affiliates would rent malware to infect machines, encrypting their files, and requiring a ransom to restore them.