Search This Blog

Showing posts with label NHS. Show all posts

Threat Actor Targets Outsourcing Firm Serco Via Babuk Ransomware

The outsourcing company responsible for NHS Test and Trace system in the UK confirmed this week that it was targeted by the threat actors running the recently-discovered Babuk ransomware. 

Serco, a British services business manages over 500 contracts globally and employs nearly 50,000 people. It operates in sectors like transport, justice, health, citizen services, immigration, and defense. The firm confirmed to Sky News that it had suffered an attack but Test and Trace were not affected by the attack. Serco’s spokesperson said its European systems were detached from those in the UK, therefore the UK system is unaffected by the attack.

If the Test and Trace system would have been affected by an attack then it would add to an increasing number of incidents that have influenced the system since its launch in May 2020. Sky News learned about the incident after noticing a sample of the Babuk ransomware uploaded to VirusTotal. Threat actors attached the ransom note addressing Serco: “We’ve been surfing inside your network for about three weeks and copied more than 1TB of your data”. 

“Your partners such as NATO or Belgian Army or anyone else won’t be happy that their secret documents are in free access in the internet”, it further reads. As per the reports of security vendor Cyberint, the cybercriminal group doesn’t target schools, hospitals, or companies with annual revenue of less than $4m. Cybercriminal group also asserts to steer clear of any non-profit charities with the exception of LGBTQ+ organizations or those linked with Black Lives Matter.

The NHS and Trace system has faced a lot of criticism in the recent past for slow test results and unproductive contact tracing and the government’s move to bring in the private sector to operate it instead of showing confidence in the local health authorities has also annoyed many health experts.

NHS Urged Public to Remain Vigilant Regarding Fake Covid-19 Vaccinations

 

Fraudsters are tricking people in the UK via fake Covid-19 vaccination invites, scammers are posing to be from the UK’s National Health Service (NHS), and are sending fake emails including a link to enroll for the vaccine.

NHS has alerted the public by tweeting on their official account that no registration is required for the real vaccination. We would never ask for bank details, verification of documents such as your passport, driving license, bills, or payslips, and no payment is required for the vaccination.

The multiple variants of phishing emails are floating around the internet but they all point towards the NHS, claiming a message from the NHS website ‘noreply@nhs.gov.uk’ (the original NHS website is NHS.uk). Scammers are using mail subject identical to “IMPORTANT – Public Health Message. Decide whether if you want to be vaccinated”.
 
Cybersecurity consultant Daniel Card explained that traffic data is suggesting fraudsters have tricked thousands of recipients to click on the fake website but it remains unclear how many recipients have filled in the form. National Cyber Security Centre and Action Fraud have urged people to report scam emails or texts.

Health secretary Matt Hancock stated that “vaccines are our way out of this pandemic, it is vital that we do not let a small number of unscrupulous fraudsters undermine the huge team effort underway across the country to protect millions of people from this terrible disease”.

This was not the first phishing campaign related to the covid-19 vaccination, at the start of this month fraudsters sent bogus text messages to the recipients posing to be from the NHS and asking recipients to register for a vaccine and provide bank details for verification.

The UK Government Vs Apple & Google API on the New COVID-19 App That Tells Who Near You is Infected!



Reportedly, the United Kingdom declared that their coronavirus tracing application is being run via centralized British servers and that’s how they are planning to take things forward and not via the usual “Apple-Google approach” which is a preferred one for most.

Per sources, the CEO of the Tech unit of the National Health Service mentioned that their new smartphone app will have its launching in the upcoming weeks, with the hopes of helping the country return to normalcy by beating coronavirus.

According to reports, the UK government believes that the contact-tracing protocol created by Apple and Google protects user privacy “under advertisement only”. Hence the British health service supports a system that would send the data of who may have the virus to a centralized server giving all the controls in the hand of the NHS.

The way of the NHS and that of Apple and Google, work via Bluetooth by putting a cell-phone on the wireless network, having it emit an electronic ID that could be intercepted by other phones in the vicinity. If a person tests positive for COVID-19 their ID would be used to warn the others near them.

Meaning, if you were near an affected person, your phone would show flags about their being infected, you’d be notified about it and if you may have caught the novel coronavirus you’d be alerted about that too, mention sources.

Per reports, Google and Apple especially had created an opt-in pro-privacy API for Android and iOS. The feature allows the user’s phone to change its ID on other phones near them and store it across different intervals of time.

Per sources, if a person is discovered to have COVID-19 they can allow the release of their phone’s ID to a decentralized set of databases looked over by healthcare providers and the nearby users would be notified about it.

The above-mentioned approach works best to help ensure that the users aren’t tracked by exploiting the above information. Google and Apple say that their protocol would make it next to impossible for them, the governments, and mal-actors to track people. The data wouldn’t leave the user’s phone unless they want it to, that too anonymously if and when.


A person, to declare themselves infected must enter a specific code from a healthcare provider after being tested positive which is a great way to curb fraudulent announcements about being infected.

The NHS, on the other hand, thought of proposing a centralized approach that makes the government, the party that has the coronavirus related details of all the users on their database for further analysis.

Per sources, for this application to be successful 60% of a population would have to download it and opt for it. Trust plays a major role here, if the users don’t trust the app it would be of no use to others either.

Reports mention that most countries prefer the Google and Apple method better, including Switzerland, Austria, and Estonia. Germany too is in strong support of a decentralized line whereas France had to face criticism for its inclination towards the centralized approach.

Nevertheless, the NHS is hell-bent on going forward with the centralized approach and is adamant that it will safeguard the privacy of people no matter what. In the centralized way of things, the NHS would capture all the IDs of phones with the app active on them and store the details on their database. Later on, if a user is found to be infected the NHS would make the call about all the hows, whens, and ifs of the warning procedure on the other phones.

If things were to work out the way NHS wants it to, the application would advise users to take steps to help them save themselves against the virus, like self-isolating if need be. The advice notified would be customized per the situation. They would also build a better database and help people with first-hand updates. People could also voluntarily provide detailed information about themselves to make the app’s experience more comprehensive.

Moreover, the centralized system would be way easier for conducting audits and analysis of the data that has been stored in the databases for further research about users that are at most risk.

But regardless of all the superficial advantages, the NHS would still be creating a database bursting with people’s personal information like their health statuses, their movements, and that too with the government having complete control of it.

The success of the entire operation dwells on the people’s trust in the NHS, the UK government, and the governments of all the countries for that matter who have opted for the centralized system.

National Health Service England to set up Artificial Intelligence lab





The National Health Service England is planning to set up a national artificial intelligence laboratory to enhance the medical care and research facility.

According to the Health Secretary, Matt Hancock said AI has 'enormous power' to improve the health care facilities, and save lives.

The health service has announced £250m on setting up a research lab to boost AI within the health sector.

However, AI will pose new challenges in protecting patient data.

Many AI tools have proven to be game-changer devices, which help doctors at spotting lung cancer, skin cancer, and more than 50 eye conditions from scans.

Meanwhile, there are some tools that are yet to be used routinely across the NHS.

"The power of artificial intelligence to improve medicine, to save lives, to improve the way treatments are done, that power is enormous," Mr. Hancock told BBC News.

"In this country, we've got the opportunity to be one of the leading countries in the world at using this new technology."