NHS Moorfields Hospital in Dubai confirms cyber attack, after ransomware data leak threats

Photo by Aleksandar Pasaric on Pexels.com

The UAE-based Moorfields Eye Hospitals has confirmed a cybersecurity incident after a ransomware group is seen threatening to leak the stolen data.

The Moorfields Eye Hospitals in UAE is a branch of Moorfields London, part of Britain’s National Health Service (NHS).

As of yesterday, as observed by Security Report, the Moorfields Hospitals UAE website is showing the following message:

“Moorfields Dubai has recently been the subject of an IT security incident on one of its servers.”

“We are undertaking an urgent thorough investigation, led by a leading cybersecurity specialist agency, to ascertain what information could have been accessed.”

Patient appointments are expected to go on as normal.

“We continue to offer our full range of services and we advise all patients to attend their appointments as scheduled,” states the notice.

AvosLocker claims responsibility for the attack

Ransomware group AvosLocker claimed responsibility for the attack on Moorfields on their leak site, as of August 15th, 2021.

AvosLocker also states they have obtained 60 GB of proprietary data, including patient information, that they will leak if the ransom demand is not met.

AvosLocker posted sample materials including ID cards and patient data on their leak site (Security Report)

As seen by Security Report, some of the proofs posted by AvosLocker include:

Copy of ID cards, passports and travel documents
Insurance claim forms
Accounting documents, such as aged trial balances
Hospital call logs
Internal memos

A call log spreadsheet provided in the sample data dump (Security Report)

AvosLocker is known for infecting Windows machines to encrypt files and add a “.avos” extension to them.

Typically, the ransomware group uses spam emails or misleading advertisements as the primary delivery mechanisms for the malware. To encrypt data, AvosLocker employs a customized version of the Advanced Encryption Standard (AES) algorithm with block size 256, according to cybersecurity firm Cyble.

With recent cyberattacks on healthcare facilities, with some even leading to loss of life, ransomware groups now pose an ever-increasing risk to critical infrastructure.

Moorfields UAE is in the process of notifying the affected patients already. Those who are concerned they might be affected can also email incident@moorfields.ae.

Ax Sharma

Ax Sharma is a UK-based security researcher, journalist and TV subject matter expert experienced in malware analysis and cybercrime investigations. His areas of interest include open source software security and threat intel analysis. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).