Probe over fears medical records have been hacked
THOUSANDS of alerts have been sent to patients at a leading GPs’ practice amid fears their medical records have been hacked.
Staff at Hockley Medical Practice, based in Birmingham’s Jewellery Quarter, have acted swiftly after being made aware of the possible cyber attack.
The surgery has 8,839 patients. A text message has been sent to all adults on its books.
An NHS spokesperson said there was no indication any other surgery has been affected.
She stressed it has not yet been established if a hacker had siphoned sensitive data, but the situation is being taken extremely seriously.
One patient received an urgent email purporting to be from the NHS. It included personal details and even referred to his bid to join the army. He was told to click on a link for further action immediately.
“The doctor referred to in the email had left two years ago, so I knew something was wrong,” he said.
“It’s extremely worrying and I’ve been told by the practice that they’re investigating the matter.”
He has contacted his MP over the situation.
Last Friday, two senior members of NHS Sandwell and West Birmingham Clinical Commissioning Group issued a warning.
Dr Ian Sykes, clinical chair, and senior IT manager Manoj Bahal said the matter is being treated “extremely seriously”.
They said: “The Clinical Commissioning Group is aware of this incident and we are taking it extremely seriously. We are supporting the practice to investigate what has happened.
“Patient safety is always one of our top priorities. We would like to remind people that GP practices will never ask you for financial details, PINs or passwords via email.
“If any patients have received suspicious emails, please do not click any links within or share any personal information or passwords, and contact your practice as soon as possible.”
Stolen medical data can be sold for significant amounts on the dark web. It can be more valuable than financial data because criminals have more time to plot their next move. Patients often take longer to realise they’ve fallen victim to hackers.
Communications security expert Jean-Frederic Karcher said: “Hackers can sell large batches of this personal data for profit on the black market. “Medical information can be worth ten times more than credit card numbers on the deep web.
“Fraudsters can use this data to create fake IDs to buy medical equipment or drugs, or combine a patient number with a false provider number and file fictional claims with insurers.
“Consumers often discover their credentials have been stolen a long time after fraudsters have used their personal medical ID to impersonate them and obtain health services.”
Nationally, hackers penetrated NHS systems in 2011. Self-styled “Pirate Ninjas” sent a warning to the NHS that its networks were vulnerable.