NHS details of more than a million patients may have been compromised in the recent cyberattack on the UK’s University of Manchester, senior health chiefs have been warned. That’s according to a report by The Independent, which claims to have received leaked evidence that the ransomware attack affected an NHS patient data set that holds information on 1.1 million patients across 200 hospitals. Among the details potentially exposed are NHS numbers and the first three letters of patients’ postcodes, the report stated.\n\n\nOn June 9, the University of Manchester revealed it had suffered a cyber incident in which systems were accessed by an unauthorised party. At the time, it said it was likely that data had been copied, whilst in-house and external experts were working to resolve the incident, the University said. It notified the relevant authorities including the Information Commissioner’s Office (ICO), the UK National Cyber Security Centre (NCSC), and the National Crime Agency (NCA).\n\n\nThe university has since confirmed that some of its systems have been accessed by a criminal entity with a small proportion of data copied that relates to some students and alumni. This includes names, contact details, gender, dates of birth, university ID numbers, and fee statuses, the university said.\n\nHowever, the revelation that exposed information may also include NHS data could be of greater significance, with NHS chiefs apparently warned by the university by that there is \u201cpotential for NHS data to be made available in the public domain,\u201d according to The Independent. Some patients will not know they are on the database, launched in 2012, as they did not need to give consent to be recorded on it, it claimed.\n\nUniversity of Manchester removes off-campus VPN access following attack\n\nIn the wake of the incident, the University of Manchester has temporarily removed access to its GlobalProtect VPN service off campus as a precaution. It is not expected to be made available again before August 2023, it said. Meanwhile, some IT services remain affected, resulting in delays to application and admission processes, the university wrote.\n\nIt has told students and employees to continue working as normal unless advised otherwise but urged users to follow security guidance including resetting passwords, reporting suspicious activity, avoiding the creation of extra backups, and updating software.\n\nExposure of NHS, medical data can be catastrophic\n\n\u201cThe theft of personally identifiable data is concerning, especially when it includes sensitive medical information,\u201d Jake Moore, global cybersecurity advisor at ESET, tells CSO. Ransomware attacks now often involve the release of data, rendering backups insufficient in defending against these attacks, he adds. \u201cOnce threat actors obtain critical sensitive data, they can demand any ransom they choose. Unfortunately, the norm is increasingly the release of data, which is catastrophic when the NHS is the unfortunate victim, as patients now need to be more vigilant to scams. This also damages trust between the NHS and their patients, which is what the health service is built upon,\u201d Moore says.\n\nEducation sector a prime target for cyberattacks\n\nThe education sector is a prime target for cyberattacks globally. In January, it was revealed that more than a dozen schools in the UK suffered a cyberattack which led to highly confidential documents being leaked online by cybercriminals. Meanwhile, notorious cybercrime groups such as Vice Society have targeted US colleges and universities in recent ransomware campaigns. Israel\u2019s Technion University suffered a ransomware attack by a new group calling itself DarkBit which forced it to proactively block all communication networks. A New South Wales Audit Office report revealed the financial losses of Australian universities following cyberattacks suffered in 2022.