• United States



UK Editor

NHS data reportedly compromised in University of Manchester cyberattack

Jun 30, 20234 mins
CyberattacksData Breach

A report by The Independent claims NHS details of more than a million patients may have been compromised following the attack.

NHS details of more than a million patients may have been compromised in the recent cyberattack on the UK’s University of Manchester, senior health chiefs have been warned. That’s according to a report by The Independent, which claims to have received leaked evidence that the ransomware attack affected an NHS patient data set that holds information on 1.1 million patients across 200 hospitals. Among the details potentially exposed are NHS numbers and the first three letters of patients’ postcodes, the report stated.

On June 9, the University of Manchester revealed it had suffered a cyber incident in which systems were accessed by an unauthorised party. At the time, it said it was likely that data had been copied, whilst in-house and external experts were working to resolve the incident, the University said. It notified the relevant authorities including the Information Commissioner’s Office (ICO), the UK National Cyber Security Centre (NCSC), and the National Crime Agency (NCA).

The university has since confirmed that some of its systems have been accessed by a criminal entity with a small proportion of data copied that relates to some students and alumni. This includes names, contact details, gender, dates of birth, university ID numbers, and fee statuses, the university said.

However, the revelation that exposed information may also include NHS data could be of greater significance, with NHS chiefs apparently warned by the university by that there is "potential for NHS data to be made available in the public domain," according to The Independent. Some patients will not know they are on the database, launched in 2012, as they did not need to give consent to be recorded on it, it claimed.

University of Manchester removes off-campus VPN access following attack

In the wake of the incident, the University of Manchester has temporarily removed access to its GlobalProtect VPN service off campus as a precaution. It is not expected to be made available again before August 2023, it said. Meanwhile, some IT services remain affected, resulting in delays to application and admission processes, the university wrote.

It has told students and employees to continue working as normal unless advised otherwise but urged users to follow security guidance including resetting passwords, reporting suspicious activity, avoiding the creation of extra backups, and updating software.

Exposure of NHS, medical data can be catastrophic

"The theft of personally identifiable data is concerning, especially when it includes sensitive medical information," Jake Moore, global cybersecurity advisor at ESET, tells CSO. Ransomware attacks now often involve the release of data, rendering backups insufficient in defending against these attacks, he adds. "Once threat actors obtain critical sensitive data, they can demand any ransom they choose. Unfortunately, the norm is increasingly the release of data, which is catastrophic when the NHS is the unfortunate victim, as patients now need to be more vigilant to scams. This also damages trust between the NHS and their patients, which is what the health service is built upon," Moore says.

Education sector a prime target for cyberattacks

The education sector is a prime target for cyberattacks globally. In January, it was revealed that more than a dozen schools in the UK suffered a cyberattack which led to highly confidential documents being leaked online by cybercriminals. Meanwhile, notorious cybercrime groups such as Vice Society have targeted US colleges and universities in recent ransomware campaigns. Israel's Technion University suffered a ransomware attack by a new group calling itself DarkBit which forced it to proactively block all communication networks. A New South Wales Audit Office report revealed the financial losses of Australian universities following cyberattacks suffered in 2022.

UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past 8 years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

More from this author