Police are investigating claims by hackers that they have stolen personal details of hundreds of workers in the UK healthcare sector.
In a post last week to a hacking forum, a user reportedly claimed that they had breached a Home Office visas and immigration database.
The hacker claimed to be selling details of people’s passports, work permits, UK visas and bank statements belonging to healthcare workers, the industry magazine Health Service Journal reported.
Now the Home Office has confirmed that police are investigating the claims, saying there was “an incident affecting data held on a sponsor organisation’s system”. The breach is understood to have affected about 200 people.
The investigation followed an initial report that the breach had affected as many as 171,000, before the figure was dramatically revised.
The NHS and social care providers are highly reliant on migrant workers coming to the UK to work in the healthcare industry, and will sponsor them for visas.
A Home Office spokesperson said: “We are aware of an incident affecting data held on a sponsor organisation’s system. While there is a live police investigation, it would be inappropriate to comment further”.
Caroline Waterfield, director of development and employment at NHS Employers, said the reported hack was very worrying.
“Reports of this alleged breach will be causing concern to any of our health and social care staff who have their personal details on the Home Office visa system. It is vital that these allegations are investigated and either rejected or confirmed, promptly,” she said.
According to the Health Service Journal, which first reported the apparent breach, the hacker claimed “there is potential for ongoing access to the database as it appears to be periodically updated”.
An industry source told the magazine that the user who posted about the data appeared to be financially motivated.
On Tuesday, security minister Dan Jarvis revealed that millions of pounds of taxpayers’ money has been handed to cyber criminals in recent years.
Mr Jarvis suggested that hostile actors could have extorted thousands from organisations like the NHS without the government knowing because there is no mandatory reporting regime.
The Home Office launched a consultation this week on how to crack down on ransomware, with plans to consider a ban on all public sector bodies paying hackers.
Asked how much public bodies had paid out in recent years, Mr Jarvis said “significant” sums had been handed over, telling Times Radio: “Millions of pounds have been paid. It’s a huge problem internationally”.
He said the government didn’t have precise figures for how much the NHS had handed over because they weren’t required to report it.
Recent targets of hackers have included a key supplier to London hospitals and Royal Mail.
In June last year, two London hospital trusts were forced to cancel all non-emergency operations and blood tests following a cyberattack on the company that supplied testing services.
In 2023 The Independent exposed a ransomware attack on the University of Manchester that affected an NHS patient data set holding information on 1.1 million patients across 200 hospitals.