{
	"id": "c67b80e7-6052-4cfa-85b2-ca2b6dec0bc5",
	"created_at": "2026-04-06T00:12:59.62565Z",
	"updated_at": "2026-04-10T03:20:57.639081Z",
	"deleted_at": null,
	"sha1_hash": "f580031b676c2a3c79822f3027868d0c7efe4245",
	"title": "Drug testing firm sends data breach alerts after ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2039221,
	"plain_text": "Drug testing firm sends data breach alerts after ransomware attack\r\nBy Lawrence Abrams\r\nPublished: 2020-04-07 · Archived: 2026-04-05 14:12:19 UTC\r\nHammersmith Medicines Research LTD (HMR), a research company on standby to perform live trials of Coronavirus\r\nvaccines, has started emailing data breach notifications after having their data stolen and published in a ransomware attack.\r\nThis attack occurred on March 14th, 2020, when the Maze Ransomware operators stole data hosted on HMR's network and\r\nthen began to encrypt their computers.\r\nAfter the ransom was not paid, the Maze operators published some of the stolen data on their \"News\" site on March 21st to\r\nfurther extort HMR into making a payment.\r\nhttps://www.bleepingcomputer.com/news/security/drug-testing-firm-sends-data-breach-alerts-after-ransomware-attack/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/drug-testing-firm-sends-data-breach-alerts-after-ransomware-attack/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nLeaked HMR Data\r\nAt that time, HMR stated that they could not afford the ransom demand and wouldn't pay even if they could.\r\n\"We have no intention of paying. I would rather go out of business than pay a ransom to these people,\" Malcolm Boyce,\r\nmanaging and clinical director and doctor at HMR, told Computer Weekly.\r\nAccording to HMR's data breach notification, the stolen records contained the personal information for volunteers who\r\nsurnames begin with D, G, I, or J.  \r\n\"We’re sorry to report that, during 21–23 March 2020, the criminals published on their website records from some of our\r\nvolunteers’ screening visits.  The website is not visible on the public web, and those records have since been taken down.\r\n The records were from some of our volunteers with surnames beginning with D, G, I or J.\"\r\nThe personal information exposed in these leaked documents include:\r\nname,\r\ndate of birth,\r\nidentity documents (scanned passport, National Insurance card, driving license and/or visa documents, and the\r\nphotograph we took at the screening visit),\r\nhealth questionnaires,\r\nconsent forms,\r\ninformation from general practitioners,\r\nsome test results (including, in a few cases only, positive tests for HIV, hepatitis, and drugs of abuse).\r\nHMR states that most of the government IDs that they have in their possession have since expired, but they warn potential\r\nvictims that they should contact the issuing organization to report the stolen IDs.\r\nHMR also recommends that victims contact CIFAS (the UK’s Fraud Prevention Service) and apply for a protective\r\nregistration, which alerts companies to take extra measures when opening financial accounts or services under the\r\nregistrant's identity.\r\nhttps://www.bleepingcomputer.com/news/security/drug-testing-firm-sends-data-breach-alerts-after-ransomware-attack/\r\nPage 3 of 5\n\nRansomware operators continue to attack health care\r\nOn March 18th, BleepingComputer contacted numerous ransomware operators and asked if they would attack hospitals and\r\nhealth care organizations during the Coronavirus pandemic.\r\nFour of the ransomware operators, including Maze, Clop, DoppelPaymer, and Nefilim, stated that they would not target\r\nhospitals and medical organizations during the pandemic and would decrypt any that are accidentally encrypted.\r\nWhen Maze publicly released HMR's documents on March 21st, it was seen as a breaking of this pledge. Maze, though,\r\nargued that HMR was attacked on the 14th before the pledge was made.\r\nMaze continues to tell BleepingComputer that they will not attack healthcare organizations after their March 18th pledge.\r\nOther ransomware operators, though, continue to target hospitals with no sign of letting up.\r\nFor example, Ryuk Ransomware continues to target hospitals and medical organizations with four attacks occurring this past\r\nmonth.\r\nMicrosoft has also seen an uptick in ransomware operators targeting hospitals and health care organizations.\r\nTo assist these organizations, Microsoft has started to proactively contact hospitals and healthcare organizations that are\r\nusing publicly accessible VPN and gateway devices with known vulnerabilities targeted by ransomware.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nhttps://www.bleepingcomputer.com/news/security/drug-testing-firm-sends-data-breach-alerts-after-ransomware-attack/\r\nPage 4 of 5\n\nSource: https://www.bleepingcomputer.com/news/security/drug-testing-firm-sends-data-breach-alerts-after-ransomware-attack/\r\nhttps://www.bleepingcomputer.com/news/security/drug-testing-firm-sends-data-breach-alerts-after-ransomware-attack/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/drug-testing-firm-sends-data-breach-alerts-after-ransomware-attack/"
	],
	"report_names": [
		"drug-testing-firm-sends-data-breach-alerts-after-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434379,
	"ts_updated_at": 1775791257,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f580031b676c2a3c79822f3027868d0c7efe4245.pdf",
		"text": "https://archive.orkl.eu/f580031b676c2a3c79822f3027868d0c7efe4245.txt",
		"img": "https://archive.orkl.eu/f580031b676c2a3c79822f3027868d0c7efe4245.jpg"
	}
}