NHS patient data compromised in Manchester University cyber attack

Over one million NHS patient records have been accessed by the cybercriminals who attacked the University of Manchester on 09 June. The data had been gathered by the university for the purposes of medical research from more than 200 hospitals. The data includes reports of major-trauma patients across the country and treatment for victims of terrorist attacks.

Among the leaked details are NHS numbers and the first three letters of patients’ postcodes.

As a result of the incident, NHS chiefs were warned by Manchester University that there is “potential for NHS data to be made available in the public domain.” The data set has since been closed, but an investigation undertaken by the university has found that backup servers were accessed.

Manchester University has updated the list of data seen by cyber criminals, which now includes universities and colleges admissions service (UCAS) numbers and fee status, UCAS disability codes, as well as personally identifiable information such as university IDs and dates of birth.

The university’s priority is to resolve this issue, it said in a statement alongside the updated information. “Our in-house experts and external support are working around the clock to resolve this incident and respond to its impacts,” it said. “We are continuing our investigations”