Security

‘Anonymous Hacker’ Claims To Have Stolen 11 Million NHS Records

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Follow on: Google +

The hack was carried out to warn patients that their personal data is being exposed, according to an alleged member of the Anonymous hacking group

A NHS contractor has confirmed the theft of patients’ personal details, following reports that records on more than one million individuals were involved.

A hacker claiming to be part of the Anonymous hacking group claimed to The Sun to have stolen data on 1.2 million patients from SwiftQueue, a private contractor that provides booking services to eight NHS trusts.

Personal data lost

The hacker claimed to have penetrated SwiftQueue’s networks by exploiting unpatched software bugs and to have stolen the company’s entire database of 11 million records. The data was linked to up to 1.2 million individuals, according to the report.

The individual claimed to have carried out the attack to raise awareness that patients’ personal data isn’t being handled securely.

“I think the public has the right to know how big companies like SwiftQueue handle sensitive data,” the person said. “They can’t even protect patient details.”

cloud data protectionSwiftQueue acknowledged it had been hacked but said its database is smaller than claimed.

The breach occurred this month, affecting a “small subset of administrative data sets”, and was “fixed within three hours”, the firm said in a statement provided to Silicon UK.

“There were 32,501 lines of administrative data, some of it test data which related to ‘dummy’ patients,” SwiftQueue stated. “We are in the process of informing the patients affected.”

The firm declined to specify how many patients were affected but said no medical records were involved.

What mobile network are you using?

  • Three (30%)
  • EE (25%)
  • Vodafone (19%)
  • O2 (16%)
  • Other (11%)

Loading ... Loading ...

NHS engagement

The Metropolitan Police confirmed it had been notified of the incident on 10 August and said it continues to investigate.

NHS Digital said SwiftQueue informed it of the incident.

“This is limited to names, dates of birth, phone numbers and, in some cases, email addresses,” NHS Digital stated. “We will continue to support SwiftQueue and the NHS as investigations continue.”

The Information Commissioner’s Office (ICO) didn’t immediately respond to a request for comment.

Anonymous has in the past criticised the NHS’ handling of patient data, as in July when a Twitter account linked to the group voiced opposition to the NHS’ controversial decision to provide data to Google subsidiary DeepMind.

But the group has also indicated its support for the NHS as an institution.

Last September it published a video supporting of junior doctors in a dispute regarding NHS contracts that threaten longer hours and lower pay. “Anonymous is going to fight to save the NHS,” the group said in a statement accompanying the video.

In February a Twitter account associated with Anonymous ran the statement, “Speaking of healthcare: Save the NHS!”

How much do you know about privacy? Try our quiz!