Hacking group LulzSec sent an email to the NHS this week warning the public body about flaws in its IT infrastructure.
LulzSec, which claimed to be behind a recent hit on Sony, said it had obtained passwords of IT administrators and emailed the NHS about what it took "months ago."
"While you aren't considered an enemy, your work is of course brilliant we did stumble upon several of your admin passwords," LulzSec said in the email.
"We mean you no harm and only want to help you fix your tech issues."
The Department of Health (DoH) said the issue only affected "a very small number of website administrators," noting no patient information had been compromised.
"No national NHS information systems have been affected," a Department of Health spokesperson told the BBC.
"The Department has issued guidance to the local NHS about how to protect and secure all their information assets."
LulzSec, which calls itself a group of "pirate ninjas," has upset a number of corporations recently, in particular Sony, Nintendo and FBI affiliate Infragard.
In the latter case, LulzSec targeted one Infragard user in particular Karim Hijazi, chief executive of private botnet monitoring service Unveillance.
LulzSec claimed Hijazi offered to pay the hacking collective "to eliminate his competitors through illegal hacking means" in return for its silence.
Hijazi said he had been threatened by LulzSec and asked to provide money and botnet information to the collective.
In a back and forth exchange between the two parties, LulzSec claimed it was attempting to do good, while Hijazi alleged the group was in it for extortion.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
NHS supplier hit with £3m fine for security failings that led to attackNews Advanced Computer Software Group lacked MFA, comprehensive vulnerability scanning and proper patch management
-
Cyber attack delayed cancer treatment at NHS hospital
News A cyber attack at Wirral University Teaching Hospital in 2024 delayed critical cancer treatment for patients, documents show.
-
Alder Hey Children’s Hospital confirms hackers gained access to patient data through digital gateway serviceNews Europe’s busiest children’s hospital confirmed attackers were able to steal data from a compromised digital gateway service
-
Major incident declared as Merseyside hospitals hit by cyber attackNews The incident, which has led to cancelled appointments, is just the latest in a series of attacks on healthcare organizations
-
Thousands of procedures canceled at London hospitals as Qilin releases blood test dataNews The attack on blood testing company Synnovis continues to affect patients, while the ransomware group follows through with its threats
-
Ransomware group threatens to publish 3TB of stolen NHS Scotland data after posting proof of attackNews NHS Dumfries and Galloway has confirmed some of the sensitive data stolen during the 15 March attack has been published by a known ransomware operator
-
Attack on third-party software vendor disrupts NHS ambulance servicesNews The ambulance services serve more than 10 million people across the south of England
-
NHS data leak raises ‘serious questions’ about Manchester University cyber attackNews NHS patient data used for research purposes is believed to have been compromised in the June attack
