Canadian Cybersecurity Breaches: Hacking Incidents and Vulnerabilities

In a weekly roundup of cybersecurity incidents and breaches, Information Security Media Group highlights significant events, including the UK NHS linking a patient death to ransomware, ongoing Chinese hacking activity in Canada, and new vulnerabilities affecting major software firms like SAP and Citrix. Additionally, ransomware has disrupted operations for a U.S. dairy cooperative, Iranian hackers have attacked public services in Albania, and the municipality of Oxford in England faced a data breach.
UK NHS Links Patient Death to Ransomware Attack
The National Health Service (NHS) in England has attributed a patient death to a ransomware attack affecting pathology services. The attack, which took place in June 2024, involved the services of Synnovis and led to delays in blood test results, contributing to the tragic outcome. This case exemplifies the severe implications cyberattacks can have on human life.
The attack, claimed by the Russian-speaking group Qilin, severely disrupted Synnovis, resulting in over 10,000 canceled outpatient appointments and numerous elective procedures at major NHS hospitals such as King’s College and Guy’s and St. Thomas’. The NHS is still grappling with blood supply issues that stem from this incident.
Canadian Telecom Firms Targeted by Chinese Hackers
The Canadian Centre for Cyber Security has raised alarms regarding the Salt Typhoon hacking group, believed to have executed a cyberespionage campaign targeting unidentified Canadian telecommunications providers. This group gained notoriety after compromising U.S. telecommunications networks in 2024. Salt Typhoon exploited vulnerabilities in Cisco devices to carry out its operations, employing tactics associated with initial access and lateral movement as per the MITRE ATT&CK framework.
Russian Intelligence Hackers Distribute Innovative Backdoors
Ukrainian cybersecurity officials reported that Russian intelligence operatives are utilizing malware-laden Microsoft Word documents sent via the Signal chat application to infiltrate systems. The threat group UAC-001, linked to Russia’s military intelligence, is deploying macros in documents to install backdoors, allowing for extensive data exfiltration and surveillance — utilizing methods that suggest persistence and privilege escalation techniques outlined in the MITRE ATT&CK framework.
SAP and Citrix Address Critical Vulnerabilities
Security researchers have disclosed vulnerabilities in SAP and Citrix products that could expose sensitive user data. The flaws, including CVE-2025-0055 and CVE-2025-5777, allow unauthorized access to user histories, increasing the risks of phishing and data breaches. Businesses are urged to take immediate action to mitigate these risks, as the exploitation of such vulnerabilities can lead to severe operational disruptions and data loss.
Chinese Hackers Target Oil and Energy Sectors
A campaign named “OneClik” has been identified, focusing on phishing attacks against the oil and gas sector, employing Microsoft’s ClickOnce technology to deploy backdoors. This activity is believed to be linked to APT41, a group responsible for previous attacks on critical infrastructure. The campaign utilizes methods consistent with initial access and execution tactics specified by the MITRE ATT&CK framework.
Vulnerabilities in Brother Devices
Rapid7’s research revealed that multiple models of Brother printers have a severe authentication bypass vulnerability, allowing unauthorized administrator access. This flaw is due to standardized serial-number-based default passwords that cannot be fully remediated. Hackers could leverage this vulnerability to carry out deeper intrusions into network infrastructures, representing significant risks to organizational security.
Ransomware Disrupts U.S. Dairy Operations
Dairy Farmers of America has confirmed a ransomware attack that compromised its manufacturing plants, leading to temporary halts in milk processing. While the cooperative managed to contain the situation quickly, specifics regarding data loss and ransom payments remain undisclosed. This incident underscores the potential vulnerabilities within critical supply chains in the food sector.
Iran-Linked Cyberattack Disrupts Albanian Public Services
The Iranian hacker group “Homeland Justice” claimed responsibility for a cyberattack that resulted in significant disruptions to public services in Tirana. The attackers not only exfiltrated sensitive data but also incapacitated municipal systems, showcasing advanced cyber capabilities. This serves as a reminder of the escalating threat posed by state-sponsored hacking groups, particularly against national infrastructure.
Oxford City Council Suffers Data Breach
The city of Oxford has reported a data breach involving unauthorized access to legacy systems containing sensitive personnel information. City officials emphasized that while operations have resumed, the exposed records, which date back to 2001, could compromise the privacy of numerous individuals. This breach illustrates ongoing vulnerabilities within public sector information systems.
Experts Call for Enhanced EU Cybersecurity Measures
Cybersecurity experts urged the European Union to take proactive measures against increasing threats from China and North Korea, highlighting the need for updated malware disruption strategies and rapid response systems. The rise in cyberattacks targeting both diplomatic and critical infrastructure points to an urgent need for a coordinated defense effort, reflective of tactics outlined in the MITRE ATT&CK framework.
Reporting by Information Security Media Group’s team including Anviksha More and international correspondents.