Article Details

Clop claims it hacked 'the NHS.' Which bit? Your guess is as good as theirs. Cybercrime crew has ravaged multiple private organizations using Oracle EBS zero-day for months. The UK's National Health Service (NHS) is investigating claims of a cyberattack by extortion crew Clop. The cybercriminal gang, which in recent months has targeted organizations using an Oracle E-Business Suite (EBS) exploit, added the NHS to its leak site on November 11, but has yet to publish any data. Clop simply lists the NHS.uk domain, but does not specify which of the myriad branches of the UK's healthcare system it breached. The NHS comprises hundreds of organizations at national, regional, and local levels, so Clop's failure to specify which arm or trust it compromised raises questions about how much it knows of the attack. It also listed the NHS's revenue as $234 billion, which appears to be a crude calculation taken from the Department of Health and Social Care's budget. Typing "NHS revenue" into Google returns the 2023/24 budget total as a result, which is roughly the same as the revenue figure Clop listed, although more recent annual budgets add several billions to this sum. The Register asked NHS England for a statement regarding the veracity of Clop's claims, but it neither confirmed nor denied an intrusion. A spokesperson said: "We are aware that the NHS has been listed on a cybercrime website as being impacted by a cyberattack, but no data has been published. Our cybersecurity team is working closely with the National Cyber Security Centre to investigate." Whatever the nature of the attack, or how far-reaching it is, Clop will have a tough time extorting the NHS, a notoriously underfunded healthcare organization that does not pay ransoms. It's not the first group to attempt it, though. Various cybercrime crews have tried their hands at extorting the NHS over the years. The NHS is an attractive target for cybercriminals – a massive healthcare organization (said to be the biggest employer in Europe) relying on critical systems to save lives. It also stores vast quantities of sensitive data belonging to patients, a large portion of which is likely to be handled by its Oracle EBS. The NHS does not pay ransoms, however, and the consequences of cyberattacks on its systems only lead to patient harm. The criminals do not receive rewards. Even if the NHS did, on occasion, pay off extortion crews, they wouldn't be able to for much longer if the UK's proposed ban on ransom payments from public sector organizations passes.