Update to Maze’s ransomware attack on Hammersmith Medicines Research
On March 21, this site reported that Maze Team had attacked Hammersmith Medicines Research (HMR) in London — a clinical testing firm that conducts early Phase 1 and Phase 2 pharmacological tests. Maze had attacked and locked up their data on March 14, but HMR was reportedly able to quickly restore their ability to function and refused to pay the ransom demanded.
As this site reported on April 10, HMR subsequently notified research volunteers whose data they knew had been accessed or exfiltrated and dumped on Maze’s website. Notification was not an easy task, as much of the data was years old and addresses may have changed.
Since that last report, there have been two more developments of note.
First, HMR has volunteered their services to the UK’s NHS and local medical practices to help test medical frontline staff for COVID-19. On April 20, they noted:
HMR is volunteering laboratory services, free of charge, to the NHS, as part of the effort to test front-line staff for Covid-19. The Covid-19 Volunteer Testing Network puts us in contact with local GP practices, and we test their staff for the SARS-CoV-2 (the Coronavirus responsible for Covid-19). The GPs collect the samples and deliver them to our laboratory, and we report the test results by the end of the day.
Kudos to them for standing up to protect frontline staff. Keep in mind that while conducting their research operations, they were also having to follow-up and deal with the consequences of Maze’s attack. And yet they volunteered their help to protect frontline workers. In my book, they are heroes, too.
Second, there is an update to their findings concerning the ransomware attack (emphasis below added by DataBreaches.net):
UPDATE on 29 April 2020
We were advised by the National Cyber Crime Unit to inform all volunteers on our database about the theft of our data. However, since we posted the notice below, we’ve obtained a detailed audit trail of the files copied by the criminals. The audit trail shows that our volunteer database was not accessed by the hackers. So, we can now confirm that, if you’ve never attended a screening visit for a clinical trial at HMR, your data weren’t stolen. If you have attended a screening visit, you can contact us to find out whether your details have been stolen – we don’t have electronic copies of identity documents, health information and bank details for everyone we’ve screened.
So Maze Team didn’t get all the data after all? They didn’t even access the main volunteers’ database?
DataBreaches.net has sent email inquiries to both HMR and Maze, seeking additional details, but received no replies by publication time. This post may be updated if additional information or proof from Maze is obtained. But I note that this is not the first time that Maze claimed to get everything but a victim has disputed their claims.