Barts Health NHS Trust appears on blog of BlackCat ransomware gang

Barts Health NHS Trust has appeared on the dark web victim blog of Russian ransomware gang BlackCat, who claim to have stolen over seven TB of sensitive data in a cyber attack.

BlackCat, also known as ALPHV, claimed to have stolen data that includes CVs and financial reports, as well as internal hospital information. It had set a deadline for the trust to co-operate of 3 July, but details of any ransom demand have still yet to be published.

The gang said on its blog that it has “citizens’ confidential documents” and that it will release the data should the trust not engage in negotiations.

Barts Health NHS Trust is a collection of six hospitals and ten clinics in East London and oversees the care of over 2.5 million patients. The trust may not have been on the end of a ransomware attack though, according to a Bloomberg report.

Brett Callow, a threat analyst at the cyber security firm Emsisoft, indicated that signs suggested ransomware had not yet been deployed by the gang.

As quoted in the report, he said: “Had ransomware been deployed, the disruption would likely have been noticeable – and possibly very significant. The gang may have chosen not to use its ransomware, or Barts detected and blocked the encryption part of the attack.”

Speaking on Friday, a spokesperson for Barts confirmed that the organisation was aware of the claims and was investigating “as a matter of urgency”.

With four days having passed since Barts’ name was posted online by BlackCat, there remains no further information, other than its initial statement, to support its claims.

A recent confirmed ransomware attack was on the University of Manchester, where NHS details of more than one million patients were compromised.

The university holds information on 1.1 million patients from 200 hospitals, with strong suggestions  following specialist analysis that this data has been accessed maliciously.