Emerging ThreatsData Breaches

Qilin Ransomware Breach Tally Grows with Essex Trust Confirmation

Analyst 207||Source: TheRegister
Qilin Ransomware Breach Tally Grows with Essex Trust Confirmation

Two years on from a ransomware attack, hospitals are still trying to identify and warn patients.

Qilin appears in the tally as NHS breach count grows

The incident list tied to the Qilin name has expanded, with reporting that an Essex trust has confirmed stolen records. The shorthand used by the reporting outlets links the attacker label "Qilin" to ongoing disclosures within the NHS estate; the most immediate, named development is the Essex trust's admission that records were taken.

Essex trust confirms stolen records

The trust in Essex has publicly acknowledged that records were stolen, adding its case to a growing breach tally associated with the Qilin incident. That confirmation makes the episode not a single, contained event but part of a sequence of exposures now being tallied and disclosed.

Hospitals are still identifying and warning patients

Two years after the initial ransomware incident referenced in reporting, hospital organisations remain engaged in the work of identifying which patient records were affected and issuing warnings to those patients. The continuing notification efforts indicate that the process of scoping what was taken and who must be informed has not concluded quickly.

How Essex trust, hospitals, and patients are responding

  • Essex trust: The trust has confirmed that records were stolen and thus has moved from investigation to public admission. That step places it among the organisations included in the expanding breach tally tied to Qilin.
  • Hospitals: Multiple hospital bodies are still allocating time and resources to identify affected records and to contact patients. Their ongoing activity shows notification and forensic tasks continue long after the initial attack.
  • Patients: Individuals whose records may have been exposed are the focus of the notification efforts; reporting makes clear that hospitals are still trying to identify and warn them two years on.

What the timeline implies for remediation and disclosure

The plainly stated timeline — two years between the ransomware event and continuing patient-notification work — frames this as a protracted incident. The fact pattern in reporting points to a breach that has required extended investigation and phased disclosure: a growing tally of affected organisations (now including an Essex trust), and ongoing efforts by hospitals to determine who must be told and how.

The arithmetic is simple even when details are sparse: when an admission of stolen records appears long after an initial incident, the practical consequence is prolonged operational strain on care providers and extended uncertainty for patients. The reporting leaves that consequence visible even where specifics about scale, data types, or exact dates of theft are not supplied.

Conclusion: a breach still unfolding in public view

The material published about this episode documents a continuing story rather than a closed file. Qilin's name is attached to an expanding list of NHS-related disclosures, and the Essex trust's confirmation of stolen records adds to that list. Crucially, hospitals are still in the process of identifying who must be warned — two years on from the initial attack — which keeps this episode active for patients, care providers, and the public record.

Read the original reporting here: https://www.theregister.com/cyber-crime/2026/06/09/qilin-nhs-breach-tally-grows-as-essex-trust-confirms-stolen-records/5252663

Data BreachEmerging ThreatsHealthcareNation-State ActorsSupply ChainUnited KingdomNHSQilin RansomwareRansomware Breach
Related Intelligence

Continue Reading

Developer workstation with laptop and blurred terminal screen, highlighting supply chain security concerns.

PyPI Packages Poisoned in Hades Supply Chain Attack

Malicious actors have launched a supply-chain attack on the Python Package Index (PyPI), infecting 19 packages with 37 tainted versions that can download and execute a hidden JavaScript payload. This sneaky Hades campaign uses poisoned Python packages to spread its reach, putting developers and users at risk.

Analyst 207
Laptop screen on a minimalist desk with a blurred display and a subtle bug icon in the background.

Google Patches Chrome Zero-Day Flaw Exploited in the Wild

Google just dropped an emergency update for Chrome, fixing a whopping 74 vulnerabilities, including a zero-day flaw that's been exploited by hackers in the wild. A security researcher scored a $55,000 reward for reporting the bug, now patched in the latest Chrome update.

Analyst 207
Government office workstation with blurred computer screen and muted decor.

French Govt Messaging Service Breached in Account Hijacking Attack

France's digital affairs directorate swiftly sprang into action, blocking a compromised account that was used to hijack a government messaging service, and is now conducting a thorough investigation to assess the damage. The breach was detected by the French Cybersecurity Agency, allowing authorities to shut down the attacker's access and analyze what data was exposed.

Analyst 207
Laptop in office setting with remote access VPN connection setup, hinting at security vulnerability.

Check Point Discloses Zero-Day Auth Bypass Bug Under Active Exploitation

A critical authentication flaw, CVE-2026-50751, has been discovered in Check Point's Remote Access VPN and Mobile Access solutions, allowing attackers to bypass user authentication and establish a remote access VPN connection without a valid password. This severe vulnerability, scoring 9.3 on the CVSS scale, affects deployments using the outdated IKEv1 key exchange protocol.

Analyst 207