London Hospitals Held To Ransom

Uploaded on 2024-06-06 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Seven London NHS hospital trusts have been forced to cancel all non-emergency operations and blood tests following a major cyber attack. 

This has meant that operations are being cancelled and emergency patients being diverted elsewhere. It applies to hospitals partnered with Synnovis, a provider of pathology services to a least seven hospitals run by the NHS in the London area have been attacked.  

Synnovis covers Guy’s Hospital, which runs the Evelina London Children’s Hospital, as well as Harefield Hospital, King’s College Hospital, Princess Royal University Hospital, Royal Brompton Hospital and St Thomas’ Hospital as well as GP services across South London. The incident has had a "major impact" on the delivery of services, especially blood transfusions and test results. Non-hospital GP services across large parts of London  have also been affected. 

According to reports, the attack began on Monday 3rd June when a number of Hospital departments could not connect to a main server. As a consequence, some procedures have been cancelled or have been redirected to other NHS providers as the hospitals try to establish what work can be carried out safely.  However the NHS has said that emergency care continued to be available. 

NHS officials said they are working with the National Cyber Security Centre to understand the impact of the attack, while Synnovis said it has been reported to law enforcement and the Information Commissioner

A spokesperson for NHS England London said in a statement “On Monday 3 June Synnovis, a provider of lab services, was the victim of a ransomware cyber attack...  This is having a significant impact on the delivery of services at Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts and primary care services in south east London and we apologise for the inconvenience this is causing to patients and their families." 

“We are working urgently to fully understand the impact of the incident with the support of the government’s National Cyber Security Centre and our Cyber Operations team.” A spokesperson from Synnovis said the company had sent in a "taskforce of IT experts" to "fully assess" the impact. 

In a new development, the group of cyber criminals known as Qilin are thought to be behind the  cyber attack. Qilin is understood to be a Russian hacking gang that runs a ransomware-as-a-service model. They operate using websites on the Dark Web and are suspected of previously targeting  the Big Issue publishing group.

According to the experts at Check Point, Qilin is a Russian-affiliated cyberattack group that operates on a ransomware-as-a-service (RaaS) model and has been active since 2022. This group is known for using Rust and Go programming languages to create its versatile ransomware and maintains a shame site to publish the identity and data stolen from its victims, conducting double-extortion tactics. The group, also known as ‘Agenda’, launched its operations in August 2022 and “rebranded” to Qilin in 2023.

According to Ciaran Martin, the former Chief Executive of the National Cyber Security Centre, Qilin has a two-year history of attacking organisations across the world. Martin claims Qilin’s attack on Synnovis is “more serious”  as it has led to systems not working, adding that this is “really one of the more serious that we’ve seen in this country”.  

In other comment, Alan Stephenson-Brown the CEO at Evolve Group describes the attack as ".. a stark reminder of the importance of stringent cybersecurity measures in the healthcare industry. The value of personal identifiable information held by the NHS cannot be underestimated, or how much of a target it makes the sector to actors who deal in such data on the dark web..."

"While it’s been reported that the health board in this case is urging the public to be alert for any attempts to access their work and personal data, I urge this action to start at the top, and for healthcare bosses to seriously appraise the systems they have in place to identify any potential vulnerabilities... While ensuring contingency planning is in place is vital, healthcare providers should urgently take preventative measures to protect patient data." he said.

Underinvestment in IT can leave systems vulnerable to attack, however, the risk to patient health means hospitals are motivated to restore services as quickly as possible, regardless of the cost. 

While British government policy is not to pay hackers, healthcare services are a priority targets internationally for ransomware gangs, as demonstrated in other recent attacks on the Britsh NHS as well as national healthcare services in Ireland and Spain

NHS England   |   BBC   |   Independent   |   Guardian   |   Computer Weekly   |   The Record   |   News&Star    |

Check Point Software

Image: Ideogram

You Might Also Read:

Stolen NHS Data Published On The Dark Web:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« You’ve Got Mail
Hackers Target Healthcare »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Outpost24

Outpost24

Outpost24 provides easy to deploy and intuitive solutions to continuously identify, remediate and mitigate vulnerabilities in your network.

Ministry of Defence Georgia - Cyber Security Bureau

Ministry of Defence Georgia - Cyber Security Bureau

The aim of the Cyber Security Bureau is to establish and develop stable, effective and secure Information and Communication Technology systems for the Civil Office of MoD of Georgia.

European Network for Cyber Security (ENCS)

European Network for Cyber Security (ENCS)

ENCS’s core focus is around educating and solving cyber security challenges in the development and operation of energy grids across Europe.

RKH Specialty

RKH Specialty

RKH Specialty, part of the Hyperion Insurance Group, is a provider of specialty insurance services including Cyber Risk cover.

Waratek

Waratek

Waratek is a pioneer in the next generation of application security solutions known as Runtime Application Self-Protection or RASP.

limes datentechnik

limes datentechnik

limes datentechnik is an authority in the fields of cryptography and data compression. The FLAM product family is an internationally accepted standard for efficient and safe handling of data.

DataDome

DataDome

DataDome offers real-time AI protection against all OWASP automated threats, including credential stuffing, layer 7 DDoS attacks, SQL injection & intensive scraping.

S4x Events

S4x Events

S4x are the most advanced and largest ICS cyber security events in the world.

Intel Capital

Intel Capital

Intel Capital, Intel's strategic investment organization, backs innovative technology startups and companies worldwide. We invest in a broad range of hardware, software, and services.

SecureStack

SecureStack

SecureStack helps software developers find security & scalability gaps in their web applications and offers ways to fix those gaps without forcing those developers to become security experts.

Paragon Cyber Solutions

Paragon Cyber Solutions

Paragon Cyber Solutions provides specialized security risk management and IT solutions to protect the integrity of your business operations.

BitLyft

BitLyft

BitLyft is a managed detection and response provider that is dedicated to delivering unparalleled protection from cyber attacks for organizations of all sizes.

View

View

View is the leader in smart building technologies including OT cybersecurity to securely connect buildings to the cloud and manage building networks and OT devices.

Cyberleaf

Cyberleaf

Cyberleaf is simplified managed cybersecurity for MSPs, enabling top tier cyber protection for small and medium enterprise.

Cyex

Cyex

Cyex helps people to become cyber wise. We enable our clients to find, track and improve cyber awareness in one place.

Black Alps

Black Alps

Black Alp's mission is to promote cybersecurity through the organization of dedicated events.