Lulz Security, the hacking group that has dominated IT security headlines in recent weeks with numerous attacks on high profile targets, has claimed that the NHS is its latest victim.
Interesting Links
Cyber defense group confirms website hack Lulz Security claims responsibility for hacking InfraGard, an FBI affiliate that co-ordinates information sharing to fight cyber crime
Hackers claim theft of 1m passwords from Sony Stealing unencrypted, plain text password file was "just a matter of taking it", says hacker group LulzSec
The hacking group made the claim on Twitter, saying it had stolen sensitive information including admin passwords. It linked to an email warning the NHS about vulnerabilities in its security systems.
"While you aren’t considered an enemy – your work is of course brilliant – we did stumble upon several of your admin passwords," the email reads. On the version posted on the Internet, sensitive information has been blacked out.
The Department of Health confirmed that it had received Lulz Security’s email, but did not say whether the allegedly stolen passwords were real.
A spokesperson for the Department said that it was a "local issue" and that no damage has been caused.
"No patient information has been compromised. No national NHS information systems have been affected," they said. "The Department has issued guidance to the local NHS about how to protect and secure all their information assets."
In a recent article entitled ‘Why we secretly love LulzSec‘, journalist Patrick Gray praised the group for having highlighted security issues more effectively than the industry. "Security types like LulzSec because they’re proving what a mess we’re in," he wrote.