Lister Fertility Clinic, Nuffield Health and other private clinics affected in huge medical data breach

doctor using a computer

A document management firm used by UK medical clinics and hospitals has experienced a ransomware attack. As a result of the hack, thousands of people have had their confidential data breached. Lister Fertility Clinic, Nuffield Health and other private clinics are affected in this huge medical data breach.

What has happened?

Stor-a-File is a UK provider of specialist document management services. The company discovered it was facing a ransomware attack in September 2021, when employees could not log in to their computers. Instead, they found messages demanding $4 million in Bitcoin or sensitive material would be leaked. Stor-a-File refused to pay up, and, as a result, criminals leaked some patient data on the dark web. In total, 13 organisations have been affected, six of which are healthcare-related.

The Lister Fertility Clinic & Nuffield Health Leicester Hospital are impacted by the breach

The Lister Fertility Clinic is one of those impacted by the breach. It contacted patients in November to inform them that their confidential data had been accessed by cybercriminals.

The attack also affected the Nuffield Health Leicester Hospital. Patients were informed about the data breach in October. They were also warned to be cautious of any communications claiming to be from Nuffield Health. Marie Stopes and the British Pregnancy Advisory Service clinics are also said to be involved.

Around 1,700 patients are thought to be affected.

What data was accessed in this breach?

Sensitive medical records, including consent forms, medical history, test results, recommendations for treatment, and fertility treatment records, could now be at the mercy of cybercriminals.

Stor-a-File’s clients include several NHS hospital trusts and GP practices, but the company insists that NHS data is not affected. This contradicts a Daily Mail article which claimed that the Russian hackers had dumped highly sensitive NHS data on the dark web, including “details of abortions, HIV tests and mental health issues”.

The police and the Information Commissioner’s Office (the UK’s data protection regulator) are investigating the breach.

Should those affected be worried?

Unfortunately yes. While some people have been told that their data has not yet been shared on the dark web, there is no guarantee that this won’t happen. As well as posting data online – and making private medical procedures public – the hackers might choose to sell the medical records to other criminals. Similar medical data breaches have resulted in fraud, blackmail, identity theft and more. So those affected are likely to be experiencing high levels of distress.

Make a medical data breach compensation claim with Keller Postman UK

If you have been affected by the breach of your medical data, we can help you make a compensation claim for the failure to protect your private and sensitive information. This includes for any emotional distress suffered and any other losses experienced due to the breach (e.g. if cybercriminals used your details to carry out theft or fraud).


We are no longer accepting new clients to this action.

In March 2024, our firm changed its name to KP Law. 

Share this article: