It’s time for another monthly cybersecurity round-up. As ever, cybercrime continues to target all industries and sectors, proving that no organisation is immune from attack.
On the 26th of July, it was reported that two south coast ambulance trusts (The South Central Ambulance Service and the South Western Ambulance Service) had fallen victim to a cyber attack.
The two trusts collectively serve a population of over twelve million people, and this recent attack has limited access to electronic patient records. NHS England is actively investigating the cyber incident alongside the police, and all efforts are going into restoring the affected systems.
The NHS Cyber Security Operations Centre is working with the affected organisations to address the situation and provide updates in the coming weeks.
Over 1.1 million patients’ data was potentially exposed at the end of June through a cyberattack on the University of Manchester.
The details exposed may have included NHS numbers and the first three letters of patient postcodes. The university had gathered the information for research purposes and included information of major trauma patients and patients treated after terror attacks.
It is not clear whether names of patients were also stolen, or exactly how many people were affected by the breach. The unknown hackers accessed around 250 gigabytes of data through the universities back up servers, and NHS officials were warned of potential data leakage to the public.
Consent was not required from patients for the database, so those affected may be unaware if their details were included. Investigations are said to be ongoing with the relevant authorities.
An unnamed Yorkshire company has been saved from a ransomware attack thanks to a tip off from the National Cyber Security Centre. The identity of the business has not been revealed, but North Yorkshire Police described them as a major “Yorkshire Coast Company” worth £35 million.
North Yorkshire Police’s cybercrime unit successfully foiled the attack, preventing significant damage to the Yorkshire Coast company. Ransomware attacks are a significant threat facing the UK and North Yorkshire businesses are frequently targeted. This incident demonstrates the critical role that the local cybercrime team played and its ability to respond rapidly to protect a business.
The North Yorkshire Cybercrime unit provide training resources to help local firms defend against cybercrime and actively engage with the community to teach good online security techniques.
The University of West of Scotland (UWS) suffered a major cyber attack earlier this month. The attack affected digital systems and led to the council choosing to block email communications to and from the university as a protective measure in order to shield their network.
Since the attack, the university has established a new email service, ICT network, and devices to restore basic operations, and is now not considered a threat to other organisations and networks.
The council has since removed the block on emails, but they advised people to be cautious when dealing with emails from university colleagues, delete suspicious emails, and communicate directly with the sender if in any doubt.
It is said that the university has actively managed the incident and worked with experts, police, the Scottish Government, Information Commissioner, and the National Cyber Security Centre in response to the attack.
Pro-Kremlin groups such as UserSec and Anonymous Russia have been linked to targeted attacks on UK airports, including London City Airport and Birmingham Airport.
Flight operations were unaffected by the attacks, but London City Airport experienced downtime on the website. The incident has raised concerns. Airports are critical infrastructure points and proactive cybersecurity measures are imperative to protect them.
The hacking group NoName, also pro-Kremlin, claimed responsibility to a previous attack on London City Airport back in May. These two incidents highlight the need for robust cybersecurity to safeguard critical systems and industries, and require collaboration between experts, the private sector, and the government.
These attacks come not long after other significant UK data breaches of major organisations Boots, British Airways, and the BBC, which we highlighted in our June round-up.
UK based entities are continuing to be targeted by hackers and businesses need to remain vigilant.
Cyber attacks do not just affect one business or one organisation. The impact can be felt by many, particularly when it affects our critical infrastructures, which is why sharing intelligence, expertise and resources is vital to prevent and respond to cyber incidents effectively.
Please contact us if you need support with your cybersecurity.