Barts Health NHS Trust appears on Blackcat ransomware gang’s blog

Barts Health NHS Trust has appeared on the dark web victim blog of Russian ransomware gang Blackcat, which claimed to have stolen more than seven TB of sensitive data in a cyber attack.

Blackcat, also known as ALPHV, claims to have stolen data that includes CVs and financial reports as well as internal hospital information. It had set a deadline of July 3 for the trust to cooperate, but details of any ransom demands have still not been published.

The gang said on its blog that it had “confidential documents of citizens” and would release the data if the trust did not engage in negotiations.

Barts Health NHS Trust is a collection of six hospitals and ten clinics in East London and oversees the care of more than 2.5 million patients. According to a report from Bloomberg, the trust may not have been on the receiving end of a ransomware attack.

Brett Callow, a threat analyst at cybersecurity firm Emsisoft, indicated that the signs suggest the ransomware has not yet been deployed by the gang.

As quoted in the report, he said: “Had the ransomware been deployed, the disruption would have been noticeable – and potentially very significant. The gang may have chosen not to use their own ransomware, or Barts may have detected and blocked the encryption part of the attack.

Speaking on Friday, a spokesperson for Barts confirmed that the organization was aware of the claims and was investigating “as a matter of urgency”.

Four days have passed since Blackcat posted Bart’s name online, with no further information remaining beyond its initial statement to support its claims.

The most recently confirmed ransomware attack took place at the University of Manchester, where NHS details of over one million patients were compromised.

The university has access to information on 1.1 million patients from 200 hospitals, after expert analysis has given strong suggestions that this data has been accessed maliciously.