Hackers who targeted the private hospital where Kate Middleton was treated threaten to release the royal family’s private medical data
- GCHQ and police investigate hacking gang Rhysida, named after centipede
Hackers who targeted the private hospital where Kate, Princess of Wales, was treated are threatening to release private medical information of members of the royal family.
The gang broke into the computer systems of King Edward VII’s Hospital and warned that they plan to release “royal family data” on Tuesday unless they receive £300,000 in the cyber currency Bitcoin.
The ransom was demanded on the dark web, where the hackers posted images of what they believe to be stolen files, including X-rays, letters from consultants, registration forms, handwritten clinical notes and pathology forms.
Prince William and his wife Catherine, Duchess of Cambridge leave King Edward VII’s hospital
The Princess of Wales was admitted to King Edward VII’s Hospital in 2012 due to prolonged bouts of acute morning sickness during her first pregnancy. Kate is pictured attending the 2023 Royal Variety Performance at the Royal Albert Hall
The gang said, “Unique files are brought to your attention! Royal family details! A large amount of patient and employee data. Sold in one lot!!’
GCHQ and police are investigating the attack by hacking gang Rhysida – named after a venomous tropical centipede.
The 56-bed private hospital in Marylebone has been used by the royal family for more than a century. The late Queen Elizabeth II was a patient, as was Prince Philip, who was treated there for almost a month before dying in 2021 at the age of 99.
The Princess of Wales was admitted there in 2012 with prolonged bouts of acute morning sickness during her first pregnancy.
During her stay, two Australian radio DJs placed a hoax call and obtained personal medical information about Kate – then the Duchess of Cambridge – which they then broadcast, forcing hospital bosses into an embarrassing apology.
The nurse who unknowingly took the call later committed suicide over the prank.
Last night, Philip Ingram, a former colonel in British Military Intelligence, said: ‘Given the highly sensitive nature of the patients, there will be some pressure on the hospital to try to prevent this data from being released.
And therefore I would expect them to explore the possibility of paying the ransom.
“The difficulty is that the attack has already happened and many of those high-profile customers will be taking risk mitigation measures on their own. To that extent, the damage has already been done.’
The 56-bed private hospital in Marylebone has been used by the royal family for more than a century. Pictured: Police officers outside King Edward VII’s Hospital in London
Colonel Ingram said that even if the hospital decided to pay the ransom, there was no guarantee the data would be returned.
He warned it could be copied and sold on to other cybercrime gangs. “This will be a national effort involving the National Cyber Security Center (NCSC) and GCHQ,” he said.
A spokesperson for the NCSC, GCHQ’s computer crime arm, confirmed: ‘We are in discussions with King Edward VII’s Hospital to understand the impact.’
A hospital spokesperson said: ‘We recently experienced an IT security incident.
“We took immediate steps to mitigate its impact and have continued to provide patient care largely as normal.
‘We also launched an investigation, which revealed that a small amount of data had been copied.
‘Although this was mainly benign hospital system data, a limited amount of patient information was copied. We apologize.”
Buckingham Palace did not return requests for comment.