London hospitals crippled in ransomware attack
LONDON, UNITED KINGDOM — Major hospitals in London declared a critical incident following a cyberattack that severely disrupted operations and emergency services.
The attack, which occurred last June 3, affected hospitals partnered with Synnovis, a provider of pathology services.
Among the impacted institutions are King’s College Hospital, Guy’s and St Thomas’, the Royal Brompton, and the Evelina London Children’s Hospital.
Canceled surgeries, diverted patients as hospitals revert to paper records
The cyberattack had a “major impact” on the delivery of services, particularly blood transfusions and test results. Some departments have been unable to connect to the main server, leading to the cancellation or redirection of procedures to other National Health Service (NHS) providers.
Emergency care remains available, but general practitioner (GP) services across Bexley, Greenwich, Lewisham, Bromley, Southwark, and Lambeth have also been affected.
Russian hacking group Qilin suspected in attack
While Synnovis has deployed a “taskforce of IT experts” to assess the impact of the attack, cybersecurity analysts believe the notorious Russian cybercrime gang Qilin is likely behind the crippling attack.
A spokesperson for Synnovis also expressed deep regret for the disruption caused, stating, “We are incredibly sorry for the inconvenience and upset this is causing to patients, service users, and anyone else affected.”
Meanwhile, the NHS has apologized for the inconvenience brought on by the cyberattack.
A spokesperson for NHS England London region stated that they are working with the National Cyber Security Centre to understand the full extent of the damage.
Calls for increased cybersecurity after “severe” NHS breach
Cyber security experts have weighed in on the incident. Steve Sands from the Chartered Institute for IT emphasized the ever-present danger of ransomware to critical institutions.
“We need to ensure that all public sector organizations have contingency plans in place to manage cyber attacks, that staff are regularly trained on risk, and there is sufficient investment in software resilience,” he told BBC.
Professor Awais Rashid, Head of the Bristol Cyber Security Group at the University of Bristol, highlighted the complexity of digital infrastructures and the cascading impacts of such attacks.
“Hence, cyber-attacks can have significant and substantial cascading impacts as we are seeing in this unfolding situation where critical health services are being impacted.”
John Clark from the University of Sheffield warned about the potential manipulation of blood test results during the attack.
“Patient safety is of paramount concern and the accuracy of results is essential, so it is important to stress that unless it is known what has happened to the system, the accuracy of any stored data cannot be ensured,” he explained.
Government providing support to Synnovis
A government spokesperson assured that patient safety is a priority and that support is being provided to Synnovis. The incident underscores the need for robust cyber defenses and contingency plans across public sector organizations.
The attack has prompted calls for increased investment in cybersecurity to protect critical health services.
The cyber-attack on Synnovis has highlighted vulnerabilities in the healthcare sector’s digital infrastructure. As hospitals work to restore normal operations, the incident serves as a stark reminder of the importance of cybersecurity in safeguarding essential services.