"The cybercriminal gang, which in recent months has targeted organizations using an Oracle E-Business Suite (EBS) exploit, added the NHS to its leak site on November 11, but has yet to publish any data. Clop simply lists the NHS.uk domain, but does not specify which of the myriad branches of the UK's healthcare system it breached. It also listed the NHS's revenue as $234 billion, which appears to be a crude calculation taken from the Department of Health and Social Care's budget."
"The Register asked NHS England for a statement regarding the veracity of Clop's claims, but it neither confirmed nor denied an intrusion. A spokesperson said: "We are aware that the NHS has been listed on a cybercrime website as being impacted by a cyberattack, but no data has been published. Our cybersecurity team is working closely with the National Cyber Security Centre to investigate.""
"Whatever the nature of the attack, or how far-reaching it is, Clop will have a tough time extorting the NHS, a notoriously underfunded healthcare organization that does not pay ransoms. It's not the first group to attempt it, though. Various cybercrime crews have tried their hands at extorting the NHS over the years. The NHS is an attractive target for cybercriminals - a massive healthcare organization (said to be the biggest employer in Europe) relying on critical systems to save lives."
Extortion gang Clop added NHS.uk to its leak site on November 11 but has not published any data. The gang exploited an Oracle E-Business Suite (EBS) vulnerability to target organizations. Clop listed only the NHS.uk domain without specifying which national, regional, or local body was affected, creating uncertainty about the scope of any compromise. Clop listed NHS revenue as $234 billion, a figure apparently drawn from the Department of Health and Social Care budget. NHS England neither confirmed nor denied an intrusion and said cybersecurity teams are working with the National Cyber Security Centre to investigate. The NHS is an attractive target because of its size, critical systems, and sensitive patient data.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]