Data of Lister fertility clinic patients compromised in a ransomware attack

Data of Lister fertility clinic patients compromised in a ransomware attack

Data of Lister fertility clinic patients compromised in a ransomware attack

Medical records of patients at Lister Fertility Clinic were compromised in a ransomware attack that struck a document management firm that handled the clinic’s data.

In a letter sent to about 1,700 patients, Lister Fertility Clinic said that a ransomware attack on Stor-a-file Limited, a firm that scans medical records for the clinic, compromised the sensitive information of patients.

In its letter, the fertility clinic confirmed that it had patient files stored in the Stor-a-file IT system that was “hacked” by a “cyber-gang”. Stored medical records included consent forms, treatment recommendations, medical history, test results, and fertility treatment records. Financial information like credit or debit card details were not included.

“We were advised by Stor-a-file that the cyber-gang that accessed their systems made a ransom demand which was not paid and that the gang has released some of the data that they accessed on the dark web,” the clinic added. While the cyber-gang who attacked Stor-a-file did say that it won’t release any medical records on the dark web, the clinic told its patients that it can’t be sure about that.

The document management firm said that the ransomware attack affected 13 organisations, six of them in the healthcare sector. In a statement, the firm said, “The incident occurred in September. The ICO and police were contacted as soon as we knew what had happened. Our clients were informed once it had been established any of their data may have been compromised.

“From our investigations, the incident is limited to the small number of records we hold electronically. Everyone whose data may have been affected has been contacted. The millions of company and organisation records, held physically in boxes on shelves in our warehouses were unaffected,” the firm added.

Stor-a-file said the same ransomware attack also affected the Nuffield Health Leicester Hospital. Although data was compromised after an attack on “a third-party document management services supplier”, the hospital confirmed that no “medical scans, images, diagnostic, payment card or contact information about Nuffield Health patients have been published online”.

The document management firm, which takes “cyber-security extremely seriously” says it has removed all third-party software from its IT system to prevent any similar issues in the future. “The Information Commissioner’s Office (ICO) has been notified, as have the police. Over the past few weeks, we have been supported by the Leicestershire Cyber Crime Unit and we have been liaising with the ICO,” it added.

Commenting on the security incident, George Papamargaritis, MSS Director of Obrela Security Industries told Teiss, “This is a devastating cyberattack where people’s extremely confidential information has been accessed by criminals. The information could be used in further extortion attacks or sold on the Dark Web, with healthcare information earning cybercriminals much more money than credit card data.

“Healthcare organisations have recently become a major target for cybercriminals, with a recent study from Obrela revealing that 81 percent of UK healthcare organisations have suffered a ransomware attack in the last year, which resulted in 38 percent paying a ransom demand.

“Given these increased attacks, healthcare organisations must work to prioritise their cybersecurity now, by implementing tools which prevent attackers getting into systems and deploying malware, while always verifying the security of their supply chain,” he added.

Also Read: Hacker group hacks into London cosmetic surgery clinic; steals pictures of celebs

Copyright Lyonsdown Limited 2021

Top Articles

2,500 years of Threat Intelligence

In order for threat intelligence to deliver as promised, we need to heed Sun Tzu and start with a data-driven approach.

Don’t fall foul of homoglyph web domains

Homoglyphs are characters from other scripts, which can look like Latin letters. They are used in domain names and they are very hard to spot.

Cyber attack targeted Spanish beer maker Damm; halted brewery operations

Damm, Spain's second largest beer-making company, suffered a major cyber attack targeting one of its IT systems last week.

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]