View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Over one million NHS records leaked during University of Manchester cyberattack

Information collected from the health service for use in research has probably fallen into the hands of hackers.

By Claudia Glover

Over one million NHS patient records have been accessed by the cybercriminals who attacked the University of Manchester, it has been reported. The data had been gathered by the university for research purposes.

NHS records among data leaked during Manchester University cyberattack. (Photo by John B Hewitt/Shutterstock)

Among the leaked details are NHS numbers and the first three letters of patients’ postcodes.

NHS records leaked during University of Manchester cyberattack

The university announced it had been subject to a cyberattack on 9 June, and that data of past and present students and alumni had been accessed by cybercriminals. It explained that it was conducting an investigation and was in contact with the UK’s National Cybersecurity Centre (NCSC). 

Now The Independent has reported the data accessed included 1.1 million NHS records that had been gathered for the purposes of medical research from more than 200 hospitals. The data includes reports of major-trauma patients across the country and treatment for victims of terrorist attacks.

The university has admitted to NHS officials that it does not know how many patients were affected or whether names had also been hacked, according to a memo seen by The Independent.

As a result of the incident, NHS chiefs were warned by Manchester University that there is “potential for NHS data to be made available in the public domain.” The data set has since been closed, but an investigation undertaken by the university has found that back-up servers were accessed.

Manchester University has updated the list of data seen by cybercriminals, which now includes universities and colleges admissions service (UCAS) numbers and fee status, UCAS disability codes, as well as personally identifiable information such as university IDs and dates of birth. 

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The university’s priority is to resolve this issue, it said in a statement alongside the updated information. “Our in-house experts and external support are working around the clock to resolve this incident and respond to its impacts,” it said. “We are continuing our investigations”

Tech Monitor has approached the University of Manchester and the NHS for comment but has not received any response at the time of writing. 

Triple extortion threats to students

The perpetrators of the attack have not yet come forward, and it is not known what level of ransom has been demanded.

But the exposed data has since reportedly been used to contact students in an effort to get them to apply pressure to the university to pay up. In their email to affected students, the criminals claim they have research data, medical data, police reports, drug tests results, databases, HR documents, finance documents and more.

“The administration is fully aware of the situation and had been in discussion with us for over a week,” the hackers said. “They value money above the privacy and security of their students and employees. They do not care about you or that ALL your personal information and research work will be sold or made public.”

This information will be used against the students if the university does not pay up, the anonymous cybercriminals explained in a separate email. “Ever cheat on exams? Accused of misconduct? Have health incident? We have proof, and soon everyone will have this proof too,” they wrote. “Think about your future and your career. This data can destroy your life.”

The tactic of contacting individual victims of an attack is known as triple extortion, and has been seen in use as part of the ongoing MOVEit Transfer supply chain attack. Staff at the BBC have reportedly been contacted directly by hackers in an effort to persuade the broadcaster to pay the ransom.

Read more: Ransomware gang Akira adds malware targeting Linux to its arsenal


Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.