A report by The Independent claims NHS details of more than a million patients may have been compromised following the attack.

NHS details of more than a million patients may have been compromised in the recent cyberattack on the UK’s University of Manchester, senior health chiefs have been warned. That’s according to a report by The Independent, which claims to have received leaked evidence that the ransomware attack affected an NHS patient data set that holds information on 1.1 million patients across 200 hospitals. Among the details potentially exposed are NHS numbers and the first three letters of patients’ postcodes, the report stated.

On June 9, the University of Manchester revealed it had suffered a cyber incident in which systems were accessed by an unauthorised party. At the time, the university said it was likely that data had been copied and that in-house and external experts were working to resolve the incident. It notified the relevant authorities including the Information Commissioner’s Office (ICO), the UK National Cyber Security Centre (NCSC), and the National Crime Agency (NCA).

The university has since confirmed that some of its systems have been accessed by a criminal entity with a small proportion of data copied that relates to some students and alumni. This includes names, contact details, gender, dates of birth, university ID numbers, and fee statuses, the university said.

However, the revelation that exposed information may also include NHS data could be of greater significance, with NHS chiefs apparently warned by the university that there is "potential for NHS data to be made available in the public domain," according to The Independent. Some patients will not know they are on the database, launched in 2012, as they did not need to give consent to be recorded on it, it claimed.
University of Manchester removes off-campus VPN access following attack

In the wake of the incident, the University of Manchester has temporarily removed access to its GlobalProtect VPN service off campus as a precaution. It is not expected to be made available again before August 2023, it said. Meanwhile, some IT services remain affected, resulting in delays to application and admission processes, the university wrote. It has told students and employees to continue working as normal unless advised otherwise but urged users to follow security guidance including resetting passwords, reporting suspicious activity, avoiding the creation of extra backups, and updating software.

Exposure of NHS, medical data can be catastrophic

"The theft of personally identifiable data is concerning, especially when it includes sensitive medical information," Jake Moore, global cybersecurity advisor at ESET, tells CSO. Ransomware attacks now often involve the release of data, rendering backups insufficient in defending against these attacks, he adds.

"Once threat actors obtain critical sensitive data, they can demand any ransom they choose. Unfortunately, the norm is increasingly the release of data, which is catastrophic when the NHS is the unfortunate victim, as patients now need to be more vigilant to scams. This also damages trust between the NHS and their patients, which is what the health service is built upon," Moore says.

Education sector a prime target for cyberattacks

The education sector is a prime target for cyberattacks globally. In January, it was revealed that more than a dozen schools in the UK suffered a cyberattack which led to highly confidential documents being leaked online by cybercriminals. Meanwhile, notorious cybercrime groups such as Vice Society have targeted US colleges and universities in recent ransomware campaigns.
Israel's Technion University suffered a ransomware attack by a new group calling itself DarkBit which forced it to proactively block all communication networks. A New South Wales Audit Office report revealed the financial losses of Australian universities following cyberattacks suffered in 2022.