Cybercrime , Fraud Management & Cybercrime , Governance & Risk Management

Trauma, Terrorist Victim Data Breached in University Attack

NHS Patient Data, Student, Alumni Records Compromised at University of Manchester
Trauma, Terrorist Victim Data Breached in University Attack
Image: University of Manchester

The sensitive personal information of about 1.1 million National Health Service patients including trauma patients and victims of terrorism is reportedly among data compromised in a recent cyberattack on the United Kingdom's University of Manchester. The hacking incident also affected students and alumni.

See Also: Using the Netskope HIPAA Mapping Guide

A "criminal entity" accessed and copied the data in an attack discovered the week of June 6, the university said in an updated statement on Thursday (see: Breach Roundup: More MOVEit Victims, Including US Government).

The compromised NHS data includes records of major trauma patients across England and individuals treated after terror attacks, which the university collected for research purposes, according to media outlet The Independent on Thursday.

Student and alumni information affected by the attack includes names, contacts, addresses, university IDs and demographic data, the university said (see: Breach Roundup: More MOVEit Victims, Including U.S. Government).

The Independent said it had viewed an NHS document containing an analysis of the incident showing that the university's backup servers and about 250 gigabytes of data were accessed in the attack.

Neither the NHS nor the University of Manchester immediately responded to Information Security Media Group's requests for comment and for details involving the attack and data breach.

Ongoing Disruptions

So far, the university said, it has not found evidence suggesting that bank or payment details were compromised in the incident. "However, you should contact your bank for advice if you are concerned," the school advised students and alumni.

The university said it is still dealing with IT system disruptions as it recovers from the attack.

"Access to the GlobalProtect VPN service off campus has been temporarily removed. It is not expected to be made available again before August 2023," the university said on its website Wednesday.

"Colleagues who work remotely may not be able to access some of the systems they need to perform their role. The VPN service is available on campus only."

The university's accommodation system for student housing also are still affected.

"You cannot make an application at this current moment in time. Please keep checking our website regularly for further updates," the university's website says. "While we don’t have a confirmed date when the accommodation system will be available, we hope to be able to accept applications again very soon."

The university said it is working with various government entities in the aftermath of the incident, including the Information Commissioner's Office, the National Cyber Security Center, the National Crime Agency and other regulatory bodies.

Experts say universities and healthcare sector entities across the globe have been prime targets for cybercriminals in recent years.

"Post-secondary schools have been a popular target for ransomware actors since 2019, with at least 52 U.S. institutions having been hit this year alone," said Brett Callow, a threat analyst at security firm Emsisoft.

These entities are a popular target because cybercriminals have found attacks on the sector to be profitable, he said.

"The only way to solve this problem - and ransomware generally - is to alter the risk/reward ratio. In other words, there needs to be more bad guys prosecuted and fewer organizations paying ransoms."

In the United Kingdom, ransomware-as-a-service group BlackCat in February dumped more than 6 gigabytes of information stolen from Ireland's Munster Technological University on the dark web (see: BlackCat Leaks Data Belonging to Irish University).

The NHS also has been a victim of cyberattacks. Last August, an attack on one of its technology providers resulted in several weeks of disruptions for Britain's public health system, including its NHS 111 services (see: Ransomware Attack Caused NHS IT Outage, Says Vendor).

The University of Manchester has not publicly disclosed the cybercriminal group believed to be behind the attack.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.