Serco, one of the companies involved in the NHS Test and Trace operations, has confirmed that it has been hit by a cyberattack. NHS Test and Trace is unaffected.

Sky News reported that public services company Serco was targeted by Babuk ransomware, a new form of ransomware that is used by attackers to encrypt networks and steal data, with the victim told to pay a ransom to unencrypt their network and prevent stolen data from being released.

Serco is one of the two main contractors providing call handlers to support NHS professionals involved in Test and Trace, and one of the five companies managing testing centres.

Serco confirmed to Verdict that the attack had occurred, but that NHS Test and Trace had not been affected in any way.

A Serco spokesperson said:

“Serco’s mainland European business has been subject to a cyberattack. The attack was isolated to our continental European business, which accounts for less than 3% of our overall business. It has not impacted our UK business or the services that we deliver for our UK customers.”

Miles Tappin, VP of EMEA at ThreatConnect said:

“The recent attack on Serco by criminals operating the so-called Babuk ransomware exposes the inherent weaknesses of the system. Personal information was left vulnerable to outsiders using the information for their own private and financial gain. Despite no documents being affected this time around, it is clear that only time will tell whether an attack like this will happen again.

“As the government continues to work and implement track and trace technology, it is vital that it collaborates with businesses. If more personal data collection is required, they must have security at the forefront of their minds. Working together as dynamic teams capable of pulling internal and external threat data and intelligence from multiple sources into one space allows organisations to understand the continually changing threat landscape. This is the only way to ensure they have the resources to defend themselves effectively.”


Read More: UK Research and Innovation hit by ransomware attack.