The NHS has once again been the target of hackers, this time with a member of the famous group Anonymous managing to breach the appointment booking system and expose details of 1.2 million patients.
SwiftQueue, who handles appointments of eight NHS trusts, confirmed the hack, but said that only some 32,500 “lines of administrative data” had been exposed following the breach. This includes personal details of patients, like names, dates of birth, phone numbers, and email addresses.
On the other hand, SwiftQueue says that no medical records have been accessed, and passwords are entirely secure because they’re encrypted.
“We recently became aware of a cyber attack which affected a small subset of administrative data sets, with the breach fixed within three hours. There were 32,501 lines of administrative data, some of it test data which related to ‘dummy’ patients. We are in the process of informing the patients affected,” the company says.
Anonymous: We stole the whole database
On the other hand, Anonymous says the database the hacker managed to access is substantially larger, claiming a database containing no less than 11 million records was downloaded, including here passwords.
“I think the public has the right to know how big companies like SwiftQueue handle sensitive data. They can’t even protect patient details,” a hacker linked with group was quoted as saying.
The NHS has also confirmed the breach, emphasizing that SwiftQueue does not hold any medical information, while the Metropolitan Police acknowledged an attack on August 10. Additionally, SwiftQueue explains that its database is not as big as Anonymous claims it is, pointing out that a database that large (containing 11 million records) is not stored on its systems.