fbpx

Hammersmith Medicine Research Data Breach Claims

THIS ACTION IS NOW CLOSED

On 14th March 2020, the Maze ransomware group attacked the computer systems of Hammersmith Medicines Research (HMR) – a company which performs early clinical trials of drugs and vaccines. 

This page explains how the data breach happened, the facts of the case, and the consequences for the affected victims.  

What happened in the Hammersmith Medicines Research data breach?

In 2020, a hacker group targeted Hammersmith Medicines Research (HMR). After successfully infiltrating HMR’s systems, the criminals accessed some extremely sensitive and private data belonging to former volunteers.

Following the cyberattack, HMR did not pay the requested ransom. Malcolm Boyce, managing and clinical director and doctor at HMR said: “We have no intention of paying. I would rather go out of business than pay a ransom to these people”.

In response to this refusal, the cyber gangsters published the personal and medical details of more than 2,300 former volunteer patients online. The information has since been taken down.

The extremely sensitive and confidential information exposed in this hack included:

The data exposed went back years. The published records were from some volunteers with surnames beginning with D, G, I or J. However, even if your records weren’t among those that were published, the criminals might have stolen copies of them. 

There was a real risk that anyone exposed in the data breach could see criminals use their stolen identity documents to commit fraud (such as taking out a loan in their name). As such, we warned victims of the Hammersmith Medicines Research data breach to be extra vigilant.

Anyone who had previously volunteered for a paid London medical trial via www.londontrials.com could also have had their records stolen.

Despite HMR contacting some of those affected (around 2,300 former volunteer patients), of those who have contacted us about the breach, approximately 60% had not received this confirmation from HMR. 

Hammersmith Medicines Research Data Breach Timeline

  • 14 March 2020
    HMR was subjected to a targeted and sophisticated attack by cyber criminals.
  • 21 - 23 March 2020
    The breached data was published online.
  • 6 April 2020
    HMR sent a notification email to some affected volunteers.

Your questions answered

See our answers to the FAQs we get asked about the Hammersmith Medicines Research Data Breach.

FAQs about the Hammersmith Medicines Research data breach

On 14th March 2020, the Maze ransomware group attacked the computer systems of Hammersmith Medicines Research (HMR).

HMR did not pay the ransom. In response to this refusal, the cyber gangsters published the personal and medical details of more than 2,300 former volunteer patients online.

The extremely sensitive and confidential information exposed in this hack includes names and dates of birth, identity documents (scanned passport, National Insurance card, driving licence and/or visa documents, and any photographs taken at the screening visit), health questionnaires, consent forms, information from GPs and some test results (including, in a few cases only, positive tests for HIV, hepatitis, and drugs of abuse). The hackers may also have accessed bank details.

According to HMR, the published records were from some volunteers with surnames beginning with D, G, I or J. However, HMR admits that criminals might still have your data, even if your records weren’t among those published.

The published records were from some volunteers with surnames beginning with D, G, I or J. However, even if your records weren’t among those that were published, the criminals might have stolen copies of them. 

With the stolen files likely to date back 20 years, our early investigations indicate that hundreds of thousands of people could be involved in the HMR data breach.

HMR was negligent in safeguarding your data due to insufficient security systems. Just because it was a victim of a crime does not mean it is any less liable.