Moorfields NHS UK & Dubai was targeted by the threat actors calling themselves AvosLocker in September 2021.
The threat actors exfiltrated and dumped the files concerned with business functions and personnel — resumes, credentials, and related personnel files when they refused to pay.
The dumped data included patients’ names, time of appointment, ID number, diagnosis, tests run, and insurance information along with a separate file containing more than 1,100 photocopies of patients’ passports.
TPRM report: https://scoringcyber.rankiteo.com/company/moorfields-eye-hospital-dubai
"id": "moo22427123",
"linkid": "moorfields-eye-hospital-dubai",
"type": "Data Leak",
"date": "09/2021",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Healthcare',
'location': ['UK', 'Dubai'],
'name': 'Moorfields NHS UK & Dubai',
'type': 'Healthcare'}],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Medical Information',
'Insurance Information',
'Passport Information']},
'date_detected': 'September 2021',
'description': 'Moorfields NHS UK & Dubai was targeted by AvosLocker '
'ransomware in September 2021. The threat actors exfiltrated '
'and dumped files related to business functions and personnel, '
'including resumes, credentials, and related personnel files. '
'The dumped data included patients’ names, time of '
'appointment, ID number, diagnosis, tests run, and insurance '
'information along with a separate file containing more than '
'1,100 photocopies of patients’ passports.',
'impact': {'data_compromised': ['resumes',
'credentials',
'personnel files',
'patients’ names',
'time of appointment',
'ID number',
'diagnosis',
'tests run',
'insurance information',
'photocopies of patients’ passports']},
'motivation': 'Financial',
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'AvosLocker'},
'threat_actor': 'AvosLocker',
'title': 'AvosLocker Ransomware Attack on Moorfields NHS UK & Dubai',
'type': 'Ransomware'}