GCHQ investigates cyber attack on hospital to the royals after data stolen

Edward Malnick
·3 min read
The scene outside King Edward VII hospital in London when the Duke of Edinburgh was admitted in December 2019
The scene outside King Edward VII hospital in London when the Duke of Edinburgh was admitted in December 2019 - Heathcliff O'Malley
  • Oops!
    Something went wrong.
    Please try again later.
  • Oops!
    Something went wrong.
    Please try again later.

GCHQ is investigating a cyber attack on the London private hospital favoured by the Royal family.

The spy agency’s National Cyber Security Centre (NCSC) is probing what King Edward VII’s Hospital described as “an IT security incident” during which a “third-party” obtained confidential medical information such as doctors’ letters and pathology reports relating to some patients. The hospital’s website was also affected by the incident.

The hospital is known as being the first port of call for senior members of the Royal family over many years, with the late Queen Elizabeth II – who acted as its patron – and Prince Philip having been admitted to the central London medical centre several times.

Sarah, the Duchess of York, spent several days at the hospital in the summer after surgery for breast cancer, while the Princess of Wales was treated there for severe morning sickness during her first pregnancy.

It is understood that the Royal family members’ medical data is held separately to the system that was hacked, and was unaffected.

‘Significant threat’

But the attack is now being investigated by the NCSC and police. The disclosure of the incident, which took place earlier this month, comes less than a fortnight after the NCSC warned of “an enduring and significant threat posed by states and state-aligned groups to the national assets that the UK relies on for the everyday functioning of society”.

Threats identified by the NCSC included “ransomware” attacks such as the targeting of the British Library last month, which led to a leak of employee data that is now being sold online.

In a statement on Nov 14, the NCSC said: “Russian-language criminals operating ransomware and ‘ransomware as a service’ models continue to be responsible for the most high-profile cyber attacks against the UK.”

Iran’s Islamic Revolutionary Guard Corps has also “targeted known vulnerabilities to launch ransomware operations against multiple sectors, including critical national infrastructure organisations”, the NCSC said earlier this month.

The King Edward VII’s Hospital was unable to confirm the identity of the “third party” behind the attack on its systems.

It is understood that fewer than 1 per cent of the hospital’s patients were affected. They have been warned of a risk that their data “could be misused”.

In a letter to affected patients, Justin Vale, the hospital’s chief executive, said: “We were alerted to the situation immediately, and thanks to the security measures we had in place, we were able to take steps to contain the incident very shortly after it occurred.”

He added: “We have identified that the third party responsible for the incident was able to copy a small amount of data from our systems. We have reviewed this data so that we can confirm what is included and while the majority was internal hospital systems data, we established that it did include some of your personal data... This included some health information contained in documents such as doctors’ letters or pathology reports. It does not include any financial or payment data.”

‘Free identity monitoring’

Affected patients have been offered free “identity and credit monitoring” to “help keep you safe from potentially fraudulent activity”.

A spokesman for the hospital said: “We recently experienced an IT security incident involving temporary, unauthorised access to our systems.

“We took immediate steps to mitigate the incident’s impact and continued to offer patient care and services, largely as normal. We also launched a comprehensive investigation, which confirmed that a small amount of data was copied from part of our IT system. While this was primarily benign hospital systems data, a limited amount of patient information was copied, and we are notifying a small subset of our patient database about this.

“The vast majority of patients are not affected by this in any way, and we offer our apologies for any concern this incident may cause.”

Broaden your horizons with award-winning British journalism. Try The Telegraph free for 1 month, then enjoy 1 year for just $9 with our US-exclusive offer.