Exclusive: hackers accessed NHS passwords in security breach
An international group of “pirate-ninja” hackers announced today that it breached NHS online security after gaining access to administration passwords.
LulzSec, who describe themselves as “a team of entertainment and security experts that specialise in the production of malicious comedic cybermaterials”, have gained notoriety in recent weeks by repeatedly attacking international brands such as PBS and Sony.
The organisation contacted an NHS body after gaining access to administration passwords while searching the web for other materials. On Twitter, @LulzSec said the group never intended to exploit the passwords, which it accessed “months ago”.
LulzSec says it contacted the NHS earlier today to warn about the breach of security. The partially blanked-out email was posted to Twitter earlier today.
The message reads: “Greetings… we’re a somewhat known band of pirate-ninjas that go by LulzSec. Some time ago, we were traversing the internet for signs of enemy fleets.
“While you aren’t considered an enemy – your work is of course brilliant – we did stumble upon several of your admin passwords.”
The email apparently listed the passwords, but this passage is blanked out in the version released.
The message concluded: “We mean you no harm and only want to help you fix your tech issues.
“Also, we hope that little girls feasts [sic] on the bones of many giving souls.”
A spokeswoman for the DH’s informatics branch, Connecting for Health, said: “This is a local issue affecting a very small number of website administrators.
“No patient information has been compromised. No national NHS information systems have been affected.
“The DH has issued guidance to the local NHS about how to protect and secure all their information assets.”