Heads up! A bunch of UK councils are alerting residents that their data might be at risk following a ransomware attack on Nottingham Rehab Supplies (NRS) Healthcare. This company, which provides health and care equipment to many local authorities, got hit at the start of April 2024, taking their website offline. Read on to learn more about the fallout.
Information on the ransomware attack
NRS says they’re in the “recovery phase” right now. However, several local councils have been informed that residents’ personal data might have been compromised.
As sad as it is, it’s no surprise to see another attack on a hospital. Unfortunately, they’re great targets for cyber criminals as the medical data they hold is often lucrative.
East Lothian Council announced on May 14 that they’re investigating the attack’s extent. They haven’t confirmed any personal data breaches yet. Waltham Forest Council echoed this on May 16, noting they’re aware of a possible breach but don’t have details yet. They assured residents that if data is breached, they will inform both the Information Commissioner’s Office (ICO) and the individuals affected immediately. Camden Council in London is in a similar boat, uncertain if personal data was accessed.
However, Buckinghamshire Council confirmed on May 16 that personal data had been breached due to the attack. They are working with NRS to figure out the scope and will contact affected clients directly. They’ve also notified the ICO and will follow any required steps.
What to do now?
With these breaches, councils are urging residents to be extra cautious about social engineering attacks. Watch out for any suspicious emails, texts, phone calls, or home visits. East Lothian Council advised that legitimate visitors will have branded ID badges, which you should ask to see before letting anyone in. They also suggest regularly changing your key safe number if you have one.
William Wright, CEO of Closed Door Security, pointed out that the delay in warning customers means that data could have been in the hands of hackers for weeks. He stressed that NRS Healthcare needs to prioritise informing affected individuals so they can protect themselves.
This incident highlights the risks of sharing confidential data with third-party suppliers. Brian Boyd, Head of Technical Delivery at i-confidential, emphasised that organisations can’t outsource accountability for data security. He advised ongoing checks of suppliers’ security measures to ensure they’re keeping up with ransomware threats.
I suppose the moral of the story is that cyber criminals really don’t care who they attack. Whether you’re an individual, a business or even a hospital, you’re not safe online without protection and awareness.