Qilin cyber scum leak data they claim belongs to London hospitals’ pathology provider
- Reference: 1718968507
- News link: https://www.theregister.co.uk/2024/06/21/qilin_cyber_scum_leak_the/
- Source link:
National Health Service (NHS) officials have battled crippling service disruptions across various hospitals in London after Synnovis – a partnership between Synlab and two London NHS Trusts – pulled its systems offline following a Qilin cyberattack.
Qilin told The Register in an [1]interview earlier this week that it would publish the data on June 20, as it did, after the gang severed communications with Synnovis over its perceived unacceptable stalling during the negotiation phase.
[2]
Without reviewing the data that's been made available via the group's [3]Telegram channel, which is Qilin's typical preferred method of leaking victim data, we can see that more than 400GB worth of compressed files were made available for download.
[4]
[5]
Qilin claimed that it stole over 1TB worth of Synnovis' data, so if this data was downloaded and unarchived, the volume would be very likely to match or exceed the gang's claim.
The publication of the data, coupled with Qilin's claims that it grew tired of Synnovis during negotiations, all but confirms the company adhered to the UK's official stance on not paying cybercriminals' ransom demands.
NHS issues another update
For two weeks now, the UK's health service has published once-weekly updates on the situation at London hospitals and this week's edition illustrated just how bad things have become in the space of seven days.
In total, 1,134 elective surgeries have been postponed as a result of [6]Qilin's attack on Synnovis , which began June 4, and 2,194 outpatient appointments have also been pushed back.
[7]
The NHS's previous update from June 14, six days prior to its most recent one, stated that around 1,500 surgeries and appointments had been delayed. That was a combined figure, it should be noted, one that has more than doubled in less than a week.
Dr Chris Streather, medical director for NHS London, said: "Although we are seeing some services operating at near normal levels and have seen a reduction in the number of elective procedures being postponed, the cyberattack on Synnovis is continuing to have a significant impact on NHS services in South East London.
"Having treatment postponed is distressing for patients and their families, and I would like to apologise to any patient who has been impacted by the incident, and staff are continuing to work hard to rearrange appointments and treatments as quickly as possible.
[8]
"Mutual aid agreements between NHS labs have begun to have a positive impact in primary care providers, helping increase the number of blood tests available for the most critical and urgent cases.
"Patients should access services in the normal way by dialing 999 in an emergency and otherwise use NHS 111 through the NHS App, online, or on the phone. They should also continue to attend appointments unless they are told otherwise by the clinic team."
No remorse
The criminals running the Qilin gang told us this week that in targeting Synnovis, they were fully aware that a healthcare crisis would ensue, and that it fully intended to carry out the damage it did. No accidents.
It did express a degree of sympathy to the thousands of affected patients in the capital city, but no regrets.
[9]Crooks get their hands on 500K+ radiology patients' records in cyber-attack
[10]Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals
[11]Court hearings become ransomware concern after justice system breach
[12]Chinese company claims it's built batteries so dense they can power electric airplanes
"We sincerely sympathize with ordinary residents of London and other British cities who have become hostages of this situation," the Qilin spokesperson said. "But we will never regret what we do, because this is a struggle.
"We hope that no one was hurt and we urge ordinary people to think about the true problems that led to this situation."
Qilin shut down further questioning when pressed on how it juggles the ethics of the situation, and when reminded of the scale of the disruption it caused.
"We have already answered your questions. There will be no more clarifications," the spokesperson said hours before leaking the data. ®
Get our [13]Tech Resources
[1] https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZnWjlQC5P2eZjL1Iy8934AAAARE&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://www.theregister.com/2024/05/14/telegram_ceo_calls_out_rival/
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZnWjlQC5P2eZjL1Iy8934AAAARE&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZnWjlQC5P2eZjL1Iy8934AAAARE&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://www.theregister.com/2024/06/04/suspected_cyberattack_hits_major_london/
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZnWjlQC5P2eZjL1Iy8934AAAARE&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZnWjlQC5P2eZjL1Iy8934AAAARE&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[9] https://www.theregister.com/2024/06/20/radiology_information_loss/
[10] https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/
[11] https://www.theregister.com/2024/01/02/victoria_court_system_breach/
[12] https://www.theregister.com/2023/04/20/catl_dense_batteries_for_planes/
[13] https://whitepapers.theregister.com/
You mean they haven't yet been caught.
Infrastructure should be more resilient than this.
It should never be accessible (and consequently hackable) from the public internet. Air gap it from net-facing systems with human staff.
In general, as well as a fire drill, all companies should do tech drills, operating without access to tech that they may lose in a hack/system failure. For a supermarket chain that means switching to calculators and cash. For trains, that means issuing printed or written tickets. For most organisations, it would mean having printed paper forms ready and a back channel to access archived data on a separate system or on paper.
The idea that we can switch to digital only has to die. We have to be able to function when digital is not working. Trains, planes, hospitals, shops - stuff has to still work.
Contingency plan, with testing
+1, and not only because a hack can bring all your systems to a screeching halt. We had pretty auroral displays from the recent coronal mass ejections: they don't have to be too much bigger to induce system failures, and there are several other ways that your business or service might have to try and limp along without its digital infrastructure.
at least palantir don't completely screw things up when they steal the data.