News

NHS Moorfields Hospital in Dubai confirms cyber attack, after ransomware data leak threats

The UAE-based Moorfields Eye Hospitals has confirmed a cybersecurity incident after a ransomware group is seen threatening to leak the stolen data.

The Moorfields Eye Hospitals in UAE is a branch of Moorfields London, part of Britain’s National Health Service (NHS).

As of yesterday, as observed by Security Report, the Moorfields Hospitals UAE website is showing the following message:

“Moorfields Dubai has recently been the subject of an IT security incident on one of its servers.”

“We are undertaking an urgent thorough investigation, led by a leading cybersecurity specialist agency, to ascertain what information could have been accessed.”

Patient appointments are expected to go on as normal.

“We continue to offer our full range of services and we advise all patients to attend their appointments as scheduled,” states the notice.

AvosLocker claims responsibility for the attack

Ransomware group AvosLocker claimed responsibility for the attack on Moorfields on their leak site, as of August 15th, 2021.

AvosLocker also states they have obtained 60 GB of proprietary data, including patient information, that they will leak if the ransom demand is not met.

AvosLocker posted sample materials including ID cards and patient data on their leak site (Security Report)

As seen by Security Report, some of the proofs posted by AvosLocker include:

  • Copy of ID cards, passports and travel documents
  • Insurance claim forms
  • Accounting documents, such as aged trial balances
  • Hospital call logs
  • Internal memos
A call log spreadsheet provided in the sample data dump (Security Report)

AvosLocker is known for infecting Windows machines to encrypt files and add a “.avos” extension to them.

Typically, the ransomware group uses spam emails or misleading advertisements as the primary delivery mechanisms for the malware. To encrypt data, AvosLocker employs a customized version of the Advanced Encryption Standard (AES) algorithm with block size 256, according to cybersecurity firm Cyble.

With recent cyberattacks on healthcare facilities, with some even leading to loss of life, ransomware groups now pose an ever-increasing risk to critical infrastructure.

Moorfields UAE is in the process of notifying the affected patients already. Those who are concerned they might be affected can also email incident@moorfields.ae.

Ax Sharma

Ax Sharma is a UK-based security researcher, journalist and TV subject matter expert experienced in malware analysis and cybercrime investigations. His areas of interest include open source software security and threat intel analysis. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).

Recent Posts

ParkMobile’s $32.8 Million Data Breach Settlement = You get $1?

In 2021, parking app ParkMobile suffered a massive data breach impacting 22 million users whose…

3 days ago

8 Brutal Truths About Cybersecurity I Wish I Knew

When I first got into cybersecurity, I thought it was all about hackers in hoodies…

4 days ago

US Air Force Probes Potential SharePoint-Linked Privacy Breach

The US Air Force is investigating a “privacy-related issue” that may have exposed personally identifiable…

5 days ago

Harrods third-party breach exposes 430,000 customer records, hackers reach out

London’s iconic department store Harrods has disclosed that approximately 430,000 customer records were compromised in…

1 week ago

WestJet confirms customer ID, passports stolen in June cyberattack

WestJet confirmed that in a June 2025 cybersecurity incident, a “sophisticated, criminal third party” gained…

1 week ago

Did You Also Get a ‘Real’ Phishing Email From GitHub.com?

Imagine getting an email straight from GitHub’s own notification system: the same one you've trusted…

1 week ago

This website uses cookies.