The Scottish Mail on Sunday - 2021-11-21


Russian cyber gang leaks NHS records on dark web

Sarah Vine on Sunday

By Michael Powell, Molly Clayton and Kevin O’Sullivan

HIGHLY sensitive medical including details of abortions, HIV tests and mental health issues have been leaked online after a major cyber attack. Russian hackers targeted StorA-File, a British data storage company whose clients include GP practices, NHS hospital trusts, local councils, law firms and accountants. The gang demanded a £3million ransom in Bitcoin cryptocurrency, but when Stor-A-File refused, the hackers dumped tens of thousands of files on to the ‘dark web’, a secretive part of the internet used by criminals and terrorists. The documents carry details of British women who have had abortions at clinics run by Marie Stopes and British Pregnancy Advisory Service (BPAS), including names, dates of birth, home addresses, phone numbers and even scans of foetuses. Other stolen records involve those suffering with anorexia, addiction and erectile dysfunction. It is understood the NHS records come from GP practices and no NHS trusts lost data in the attack. The hacking gang, known as Clop or Fancycat, claim the stolen files also contain the names of British military personnel in Kuwait and people who work in military intelligence, although this could not be verified. The Ministry of Defence said it was unable to comment while an investigation was under way. The Information Commissioner’s Office, which can impose multimillion pound fines on companies that fail to keep customers’ data secure, is also investigating, as is the National Crime Agency. Philip Ingram, a former colonel in British military intelligence, said: ‘Private medical data, including deeply personal information relating to women’s abortions records, is the most shocking and awful breach you could imagine. It shows again that these hacking gangs really don’t care who they hurt.’ Stor-A-File employs 90 staff and was established in 1977 by husband and wife Simon and Helen Cockbill. The firm discovered the attack on September 2 when staff were unable to log on to their computers and messages appeared on screens demanding that $4million in Bitcoin be wired or material would be leaked. A Stor-A-File spokesman said: ‘We believe it is irresponsible to deal with criminals and will only serve to perpetuate this kind of activity. Police advised not to, under any circumstances.’ The spokesman added: ‘Our clients were informed once it had been established any of their data may have been compromised. ‘The National Crime Agency has been offering support and advice to some of those affected by this incident. We deeply regret any concern that may have been caused.’ Police believe Clop has also laundered £370 million of criminal money. Spokesmen for Marie Stopes clinics and BPAS said they had contacted all of the patients whose details had been leaked by the hackers.


© PressReader. All rights reserved.