Infosecurity Europe
3-5 June 2025
ExCeL London

Top Five Cyber-Attacks Impacting the UK Public Sector in 2024 

Recent years have seen an explosion in attacks on the UK public sector.

Organisations like local councils and NHS hospitals are viewed as “low hanging fruit” by cyber threat actors as they often lack cybersecurity resources and expertise compared to private sector entities.

For example, an Information Commissioner’s Office (ICO) investigation into the 2020 ransomware attack on Hackney Council in London highlighted a lack of proper security and processes in place to protect personal data at the local authority.

These organisations also hold highly sensitive and valuable data on citizens, including personal and health information, making them a major target for data theft.

Additionally, attacking public sector bodies can severely disrupt critical services.

This factor potentially increases ransomware actors’ chances of receiving a payout from the victim, while nation-state groups can inflict pain on a country they deem to be an enemy.

Here are the top five cyber-attacks on the UK public sector so far in 2024.

Five UK Public Sector Cyber-Attacks 

London Hospitals Cancel Operations and Procedures

A ransomware attack on pathology supplier Synnovis on June 3 has significantly impacted patient care. Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospital NHS Foundation Trust and primary care services in South East London were quickly forced to cancel operations and divert emergency patients.

The real-world impact of the incident is ongoing, with NHS England revealing as of 15 August that 1,693 elective procedures and 10,054 acute outpatient appointments were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust since 3 June.

The attack has also contributed to a critical shortage of O type blood among NHS hospitals.

As well as the direct impact on patient care, it was reported in June 2024 that the ransomware group Qilin published nearly 400GB of data stolen from Synnovis.

This included sensitive NHS patient information, such as patient names, NHS numbers and descriptions of blood tests.

Synnovis is still verifying the published data and said it will inform affected individuals in line with its legal obligations.



150,000 Scottish Patients Informed of Data Theft

A ransomware attack on Scottish NHS Trust Dumfries and Galloway on 15 March quickly resulted in patient and staff-identifiable information being published online by the attackers.

The ransomware gang Inc Ransom published a “sample” dataset on its leak site on 27 March, and threatened to leak 3TB of data relating to NHS Scotland patients and staff unless its demands were met.

The full dataset, which included sensitive personal information held by National Records of Scotland (NRS), was subsequently released on May 6.

On June 17, NHS Dumfries and Galloway chief executive Julie White wrote to 150,000 households in the area, warning them that it is likely their personal data has been stolen and published online by the attackers.

The information included x-rays, test results and letters between health and care professionals. Staff and patients at the Trust have been urged to stay alert for attempted scams and to contact law enforcement if they think something is suspicious.

UK Secondary School Forced to Close

The Billericay School in Essex informed parents in a letter that its site was closed to all students on Monday, June 3 due to a “significant” cyber-attack.

Headteacher Mr P. Berry said the attack resulted in all the school’s IT systems being compromised and made inaccessible by a “complex encryption,” suggesting the incident was ransomware related.

Students were soon allowed to return to the school, with teachers forced to use “traditional teaching methods” without access to resources stored on the school system while the reimaging of computers took place.

The school also revealed that pupil names, addresses and basic medical notes may have been accessed by the attackers, as well as contact details for parents/carers.

An investigation to ascertain the extent of the data breach is ongoing and parents/carers have been urged to be vigilant when opening emails and webpages to avoid criminals harvesting user credentials. They have also been advised to take preventative action such as changing personal passwords.

Leicester City Council Shuts Down IT Systems

On 8 March, Leicester City Council revealed it had temporarily shut down its IT systems and phone lines due to a cyber incident.

The attack had a significant impact on council services over several weeks. This included reports of streetlights staying lit day and night, and disruptions to child protection, adult social care and homelessness services.

On 3 April, the local authority confirmed that confidential data was published online by a “known ransomware group,” reportedly Inc Ransom.

The group posted a proof pack of highly sensitive data on its leak site, including rent statements, applications to purchase council housing and personal identification documents such as passport information.

Leicester City Council warned staff and the public to be on their guard for any attempt to access their systems or approaches from anyone claiming to be in possession of data relating to them.

On 9 April, the Council revealed that a further 1.3TB of data had been published online by the group.

Leicester City Council is still in the process of reviewing the leak to establish the nature of the data and the individuals affected.




Manchester Cyber-Attack Exposes Residents to Phishing Scam

In August, a cyber-attack on housing software provider Locata resulted in the housing websites for three local councils – Manchester, Salford and Bolton – being suspended.

Manchester City Council said its Manchester Move housing website would remain offline and unavailable until it is sure that residents’ personal information is safe. It is now back up and running.

The Council believes that a “small amount of personal information” was compromised by the attackers.

The incident also led to thousands of users being sent a phishing email asking them to “activate your tenancy options” and hand over personal data. The phishing site was subsequently removed. It is currently unknown how many people fell victim to the scam.

Conclusion 

Cyber threat actors continue to target public sector organisations due to their lack of cybersecurity resources and the value of their data. These attacks can clearly disrupt critical services and potentially lead to ransom payments and reputational damage for the organisations involved.

Unfortunately, unless major improvements in cybersecurity in the public sector are made, these attacks are likely to continue as cybercriminals look for easy opportunities and lucrative payouts.

