Info@NationalCyberSecurity

Cyber expert urges against ‘panic’ over NHS data leak



Image caption, Thousands of patient records have been posted on the dark web by a ransomware group

  • Author, David Cowan
  • Role, Home Affairs Correspondent

The founding chief executive of the UK’s National Cyber Security Centre has urged people not to panic after a Scottish health board was targeted by cyber criminals.

Ciaran Martin said it was very rare that data breaches involving medical information result in “actual harm” to members of the public.

The leaked data is believed to include clinical information on thousands of patients, including children, and financial data on staff.

Mr Martin, once called Britain’s “top cyber spy,” led the National Cyber Security Centre (NCSC) when it was established as part of the GCHQ intelligence-gathering agency in 2016.

Some of the data came from the Child and Adolescent Mental Health Service (Camhs) and efforts are under way to identify any individuals who have been affected.

People in Dumfries and Galloway have been advised to remain vigilant and to contact the police if they are approached by someone claiming to have their personal data or NHS data.

Extra insurance has been offered to the board’s 5,000 staff to protect them from identity theft or fraud.

Image caption, Ciaran Martin said it was ‘unusual’ for patients to come to direct harm due to the leaking of data

Mr Martin, who left the role in 2020 and is now a professor at the University of Oxford, said: “It’s a very difficult situation but experience from the rest of the world suggests that even when this data is dumped on the dark web, relatively little direct harm occurs.

“A good example is Australia, where over a third of the population’s full medical records were leaked onto the dark web.”

Mr Martin said a concerted government-led effort minimised the impact of the Australian leak.

“Police and other authorities were clear that there’d be consequences if there was any sort of extortion,” said Mr Martin.

“Although it’s very unpleasant, the data just sort of sat there and there’s no evidence of any direct harm, even though nearly 10 million people’s full medical records were affected.

“People shouldn’t panic. There isn’t going to be a Google searchable database of people’s medical records or people’s bank details. That’s not the way this works.

“It is relatively rare, not unknown, but relatively rare for individuals to suffer direct sort of harm, embarrassment or extortion.”


Image caption, LockBit founder Dmitry Khoroshev was unmasked during a joint operation between the UK, US and Australia

So far, there has not been any messaging from Police Scotland warning people not to access or share the stolen data.

INC Ransom has been linked to a series of cyber attacks in the United States and Europe since last year.

A campaign led by the UK’s National Crime Agency infiltrated and took over the network of the LockBit ransomware group.

Sanctions against the group’s alleged leader, Russian national Dmitry Khoroshev, have been announced, and the United States has offered a $10m reward for information leading to his arrest and/or conviction.

Mr Martin said: “It’s relatively rare for ransomware criminals to suffer consequences, simply because of the awkward fact that they tend to be based in Russia.

“It’s the world’s largest open camp and safe haven for cyber criminals and the Russian police don’t go after them most of the time.

“Russia does not extradite its own citizens, so the chances of somebody behind this horrible attack being behind bars, either in Russia or, more appropriately in Scotland are, I’m afraid, pretty low.

“We have just seen a superb operation by the UK National Crime Agency which destroyed the infrastructure of the LockBit ransomware group and exposed their ringleader.

“But it’s very difficult when there’s large scale crime happening remotely from an unfriendly jurisdiction.”
