The UK’s National Health Service (NHS) has reportedly fallen victim to another massive cyber-attack, exposing the confidential records of up to 1.2 million patients.
According to reports, an unknown hacker claimed to exploit a weakness in the NHS’ appointment booking system, SwiftQueue.
The vendor is contracted by eight NHS trusts to manage booked appointments, as well as operate terminals in waiting rooms, where patients can check-in upon arrival.
An exclusive report by The Sun states the hacker was able to download SwiftQueue’s entire database of 11 million records, including the personal data of 1.2 million NHS patients.
“I think the public has the right to know how big companies like SwiftQueue handles sensitive data,” the hacker told The Sun. “They can’t even protect patient details.”
The information compromised included patient names, dates of birth, phone numbers and, in some cases, email addresses.
In response to the allegations, SwiftQueue confirmed the hack, while refuting the incident occurred at a much smaller scale.
The company said their initial investigation suggested only 32,500 “lines of administrative data” had been accessed – including “test data” related to “dummy patients.” It added that it did not store patients’ medical records and that passwords were encrypted.
The breach appears to have affected only one NHS trust. However, the company did not specify which facility was impacted or how many patients were affected by the breach.
SwiftQueue said it reported the incident to the Metropolitan Police Cyber Crime Unit earlier this month.
Back in May, the infamous WannaCry ransomware outbreak hit nearly 50 NHS trusts, forcing healthcare providers to turn away patients and cancel scheduled appointments.
After spreading to infect hundreds of thousands of computers across the globe, experts have called the attack the biggest ransomware outbreak in history.