Cybersecurity

Ransomware gang claims to have snatched British royal family’s healthcare records

King Edward VII Hospital has acknowledged the breach impacted a “small subset” of patients.
Hollie Adams/Getty Images

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Rhysida, the ransomware gang that has claimed responsibility for a recent cyberattack on the British Library, now claims to have hit a private hospital and stolen data, including health records for the royal family.

Computer Weekly reported that last week, the group posted to its site on the dark web bragging of an attack on London’s King Edward VII Hospital, providing evidence such as images depicting “copies of X-rays, medical reports, prescriptions, and registration forms.” Rhysida also allegedly said it would sell the data at auction at a starting price of 10 bitcoin (roughly $435,000), threatening that in the absence of a buyer it would release the stolen information on Dec. 5.

Rhysida’s threats explicitly mention “Data from the Royal Family,” according to Protocol.

The Telegraph reported it is “understood that the Royal family members’ medical data is held separately to the system that was hacked, and was unaffected,” though it didn’t elaborate beyond mentioning that the National Cyber Security Centre and police are investigating. In a statement to IT Brew, a spokesman for the hospital, Donald Steele, acknowledged a “security incident involving temporary, unauthorized access to our systems,” but said the hospital had taken “immediate steps to mitigate the incident’s impact” and continue patient care. The hospital added that a “small amount” of data was taken.

“While this was primarily benign hospital systems data, a limited amount of patient information was copied, and we are notifying a small subset of our patient database about this,” the statement continued. “The vast majority of patients are not affected by this in any way, and we offer our apologies for any concern this incident may cause.”

According to Computer Weekly, health data related to the royal family is “subject to particularly stringent cyber security controls” which are the responsibility of organizations that handle it.

Although Rhysida is a relatively recent addition to the ransomware scene—the gang first reportedly emerged around May 2023—it has quickly built a reputation. In the attack on the British Library, the gang reportedly triggered a major outage and demanded a $745,000 ransom.

In November, the Department of Justice and Cybersecurity and Infrastructure Security Agency released a joint warning saying the group has struck targets in education, healthcare, manufacturing, information technology, and government sectors. According to the bulletin, the group specializes in “leveraging external-facing remote services to initially access and persist within a network,” as well as living-off-the-land techniques such as using native system admin tools to move laterally across targets.

Hospitals are common targets of opportunity for ransomware gangs, as they handle large amounts of sensitive patient health data and are vulnerable to disruption. Just weeks ago, Ardent Health Services, a US chain that operates 30 hospitals in six states, diverted some patients from emergency rooms and postponed some elective procedures following a ransomware incident.
