Rhysida ransomware gang threatens to leak royal family medical data

Ransomware gang strikes again after breaching the systems of King Edward VII’s Hospital in London

Add bookmark
Michael Hill
Michael Hill
12/04/2023

close Up of gate of buckingham palace

The Rhysida ransomware group has threatened to leak sensitive medical data belonging to members of the UK royal family after it breached the computer systems of King Edward VII’s Hospital, which has treated royals such as the Princess of Wales and Prince Philip in recent years. A ransom demand was made on the dark web, where the hackers posted images of what they claim are stolen files including X-rays, letters from consultants, registration forms, handwritten clinical notes and pathology forms, reported the Daily Mail. The UK National Cyber Security Centre (NCSC) has confirmed that it is engaging with the hospital to understand the impact of the incident.

The Rhysida attackers said they plan to release the data on Tuesday unless they are paid £300,000 in bitcoin. Last month, the group claimed responsibility for a highly disruptive cyber attack on the British Library before leaking 573 GB of stolen data.

In June, Russian hacktivist group KillNet launched a distributed-denial-of-service (DDoS) attack against the royal family’s official website which took it offline. KillNet claimed that the attack was launched as part of an “attack on pedophiles” – believed to be a reference to the allegations of sexual abuse of a minor made against Prince Andrew, Duke of York.

Small amount of health data copied in security incident

A hospital spokesman said that a “limited amount of patient information was copied” in the incident which primarily affected “benign hospital systems” data. “We took immediate steps to mitigate its impact and continued to offer patient care, largely as normal,” they added.

Former British military intelligence colonel, Philip Ingram, commented: “Given the highly sensitive nature of the patients, there will be a degree of pressure on the hospital to try to stop any of this data being released. Therefore, I would expect them to explore the possibility of paying the ransom.”

The healthcare sector is a prime target for cyber attacks, with the frequency and severity of incidents increasing in recent years. Last week, US healthcare provider Ardent Health Services faced disruption to clinical and financial operations at six locations following a ransomware attack.


RECOMMENDED