NHS patients’ medical data hacked
NHS patients face a potential security breach after computer hackers gained access to health service passwords.
The group, which calls itself LulzSec, said that it had accessed a system that handles sensitive patient data. Last week it stole a million data records from a Sony website.
It published an email showing that it had informed the NHS of the security breach and saying “we mean you no harm and only want to help you fix your tech issues”.
It had taken master “admin” passwords from the system “months ago” while searching the internet for other materials, but had not exploited them.
On its Twitter account, which it uses to boast about its attacks, LulzSec claimed it had reported the security vulnerability after the dying wishes of Alice Pyne, a 15-year-old British terminal cancer sufferer whose online “bucket list” has become an internet phenomenon.
It said: “Greetings … we’re a somewhat known band of pirate-ninjas that go by LulzSec. Some time ago, we were traversing the internet for signs of enemy fleets. While you aren’t considered an enemy – your work is of course brilliant – we did stumble upon several of your admin passwords.”
The Department of Health admitted that the system had been breached, but said it was only on a local level. It has reported the incident to police.
“This is a local issue affecting a small number of website administrators,” a spokesman said. “No patient information has been compromised. No national NHS information systems have been affected.”
The incident is the latest in a string of computer security breaches, and has raised concerns about the security of patient data, which is being digitised en masse and uploaded to a national system as part of the much-delayed NHS national programme for IT.
LulzSec emerged in May when it published a database of more than 70,000 American X Factor contestants’ personal details, including their dates of birth and phone numbers. In a hacking spree, it has attacked Nintendo and Sony, and an FBI-linked security association. It says its attacks are for entertainment purposes.
Tags: Health Professionals, IT disaster, Labour shambles, NHS waste, NPfIT, preventable crisis