We are continuing to investigate the full extent of the cyber attack that occurred on 30 June. As soon as we detected it, we took immediate steps to contain and mitigate the breach. We engaged with specialist IT forensic experts to investigate what happened and we notified the NHS England cyber security operations centre, the National Crime Agency, the National Cyber Security Centre, and the Information Commissioner’s Office.
Although the group responsible claims to have accessed a large amount of data, these claims have not yet been verified and assessing the level of risk is a lengthy and complex process.
At this stage, we can confirm that some personal information affecting four individuals was posted on a part of the internet that is not accessible by search engines, known as the dark web. We have contacted those individuals and offered them support.
There is no evidence that patient data has been accessed.
A criminal investigation is underway, led by the Metropolitan Police cyber crime unit, and this affects how much we can disclose. However we do appreciate that staff, patients and partners may feel concerned.
Barts Health is not alone in being a victim of cyber attacks. It is important to remain vigilant and look out for any suspicious phishing emails. If in doubt, do not open any attachments you cannot verify. Please consult this guidance on phishing and data breaches.
We are taking this incident very seriously and we appreciate your patience at this time.