Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

More than a million NHS patients’ details compromised after cyberattack

Exclusive: NHS leaders warned patient data may have been accessed in university cyberattack

Rebecca Thomas
Health Correspondent
Thursday 29 June 2023 11:23 EDT
Comments
The ransomware attack targeted a data set holding details of patients at 200 hospitals
The ransomware attack targeted a data set holding details of patients at 200 hospitals

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

NHS details of more than a million patients have been compromised in a cyberattack, senior health chiefs have been warned.

A recent ransomware attack on the University of Manchester affected an NHS patient data set that holds information on 1.1 million patients across 200 hospitals, leaks to The Independent have confirmed.

Among the details potentially exposed are NHS numbers and the first three letters of patients’ postcodes.

The information – which includes records of major trauma patients across the country and people treated after terror attacks – was gathered by the university for research purposes.

In its warning to health officials, the university said it did not know how many patients were affected or whether names had also been hacked.

An NHS document seen by The Independent said specialist analysis had shown the university’s back-up servers were accessed, but it is not known who was behind the attack.

As a result of the incident, NHS chiefs were warned by UoM that there is “potential for NHS data to be made available in the public domain” and the data set has since been closed.

Some patients will not know they are on the database, launched in 2012, as they did not need to give consent to be recorded on it.

According to an investigation carried out by the university, analysis suggests around 250 gigabytes of its data was accessed.

In an unrelated incident on August 5 last year, a separate hack led to the outage of software used to access patient data across NHS 111, a dozen mental health trusts, community hospitals and out-of-hours GP services.

The outage lasted weeks and led to significant safety risks such as patients being prescribed the wrong dose of medication and clinicians being unable to properly assess mentally unwell patients.

The Independent previously reported on warnings from experts that the NHS could face further attacks due to fears that cybersecurity had been weakened following the pandemic.

Last weekend, 999 services were hit by a major incident as a technical fault experienced by BT Internet, which runs the lines, led to a delay in calls being transferred to ambulance services. Following the incident, patients were advised to call NHS 111 if they could not get through.

A University of Manchester spokesperson declined to comment regarding the NHS data, but did not deny the breach.

They said: “During the week commencing 5 June, we found out that the university was the victim of a cyber incident.

“We confirmed on 23 June that our systems have been accessed and student and alumni data has been copied. Individuals have been informed of this cyber incident and offered support and advice to further protect their data.

“Our investigations into the impact are ongoing and we are continuing to work with relevant authorities and partners, including the Information Commissioner’s Office, the National Cyber Security Centre (NCSC), the National Crime Agency, and other regulatory bodies.

“Our in-house data experts and external support are working around-the-clock to resolve this incident and respond to its impacts, and we are not able to comment further at this stage.”

A spokesperson for the ICO said: “We can confirm that we have received a report of a ransomware attack at the University of Manchester and are assessing the information provided.”

NHS England declined to comment.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in