News

Lister Fertility Clinic, Nuffield Health and other private clinics affected in huge medical data breach

A document management firm used by UK medical clinics and hospitals has experienced a ransomware attack. As a result of the hack, thousands of people have had their confidential data breached. Lister Fertility Clinic, Nuffield Health and other private clinics are affected in this huge medical data breach.

What has happened?

Stor-a-File is a UK provider of specialist document management services. The company discovered it was facing a ransomware attack in September 2021, when employees could not log in to their computers. Instead, they found messages demanding $4 million in Bitcoin or sensitive material would be leaked. Stor-a-File refused to pay up, and, as a result, criminals leaked some patient data on the dark web. In total, 13 organisations have been affected, six of which are healthcare-related.

The Lister Fertility Clinic & Nuffield Health Leicester Hospital are impacted by the breach

The Lister Fertility Clinic is one of those impacted by the breach. It contacted patients in November to inform them that their confidential data had been accessed by cybercriminals.

The attack also affected the Nuffield Health Leicester Hospital. Patients were informed about the data breach in October. They were also warned to be cautious of any communications claiming to be from Nuffield Health. Marie Stopes and the British Pregnancy Advisory Service clinics are also said to be involved.

Around 1,700 patients are thought to be affected.

What data was accessed in this breach?

Sensitive medical records, including consent forms, medical history, test results, recommendations for treatment, and fertility treatment records, could now be at the mercy of cybercriminals.

Stor-a-File’s clients include several NHS hospital trusts and GP practices, but the company insists that NHS data is not affected. This contradicts a Daily Mail article which claimed that the Russian hackers had dumped highly sensitive NHS data on the dark web, including “details of abortions, HIV tests and mental health issues”.

The police and the Information Commissioner’s Office (the UK’s data protection regulator) are investigating the breach.

Should those affected be worried?

Unfortunately yes. While some people have been told that their data has not yet been shared on the dark web, there is no guarantee that this won’t happen. As well as posting data online – and making private medical procedures public – the hackers might choose to sell the medical records to other criminals. Similar medical data breaches have resulted in fraud, blackmail, identity theft and more. So those affected are likely to be experiencing high levels of distress.

Make a medical data breach compensation claim with Keller Postman UK

If you have been affected by the breach of your medical data, we can help you make a compensation claim for the failure to protect your private and sensitive information. This includes for any emotional distress suffered and any other losses experienced due to the breach (e.g. if cybercriminals used your details to carry out theft or fraud).

 

We are no longer accepting new clients to this action.

Keller Postman

Share
Published by
Keller Postman
3 years ago

Recent Posts

Latest Data Breach Round-Up – June 2024

In our regular update, we provide a roundup of some of the data breaches and… Read More

5 months ago

Join our MOVEit/ Zellis Data Breach Action

We have launched a group action against MOVEit/Zellis. Group actions can be a powerful tool… Read More

5 months ago

One year on – the extent of the MOVEit data hack is just becoming clear

The number of organisations affected by the MoveIt Data Breach is still rising, despite the… Read More

5 months ago

Join our 23andMe Data Breach Action

We have launched a group action against 23andMe. Group actions can be a powerful tool… Read More

5 months ago

ICO and Canadian counterpart to investigate 23andMe data breach

The Information Commissioner’s Office (ICO) has launched a joint investigation into the 23andMe data breach… Read More

5 months ago

Join Our Capita Data Breach Action

We have launched a group action against Capita. Group actions can be a powerful tool… Read More

5 months ago