London Hospitals Held To Ransom

Uploaded on 2024-06-20 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

A recent major cyber attack on NHS hospitals caused a number of procedures to be cancelled or changed, with blood transfusions said to be particularly affected, according to health trusts.

Now, a ransom demands of $50million have been made by Qilin cyber gang following the attack impacting London NHS services over two weeks ago, which consequently has held up patient appointments, blood transfusions and operations.

Affected hospitals were forced to launch an appeal for O blood-type donors to book appointments across the country following the ransomware attack affecting several major London hospitals.

Cyber security expert Deryck Mitchelson, former-CISO at NHS Scotland and head of global CISO at Check Point Software has commented "The Qilin ransomware incident has had a huge knock-on effect on the daily running of NHS hospitals in the South-East of England. These attacks always feel quite personal and continue to raise questions about why public services are repeatedly made the target of criminal gangs... While details about the data being held are still unclear, the group's demands for $50 million suggests that it is serious. The size of ransom is based on the scale of disruption and acts as the carrot being dangled to quickly restore services. Although paying it might seem like the easier way out, there are hidden costs to settling...

"Simply put, there is no guarantee the data will be restored or trustworthy, and it might still end up being exposed after payment." 

According to Mitchelson, organisations who choose to pay ransoms won’t be protected from future attacks nor will it prevent the reputational costs they might be left with. "So, it is essential that the organisation is clear on the type of data that has been stolen so that they know the scale of the breach and can plan the right route to recovery."

The recent cyber attack has meant that the affected hospitals cannot currently match patients' blood in the way that they usually do. O-negative is the type that can be given to anyone, known as the universal blood type. It is used in emergencies or when a patient’s blood type is unknown. Air ambulances and emergency response vehicles carry O-negative supplies. Several of the  London based hospitals affected have cancelled operations and tests, and were unable to carry out blood transfusions recently after the attack on the pathology firm Synnovis, which Qilin, a Russian group of cyber criminals, is believed to have been responsible for.

Emails to the NHS staff at King's College Hospital, Guy's and St Thomas’s and primary care services in London has said a critical incident had been declared.

For surgeries and procedures requiring blood to take place, hospitals need to use O- type blood as this is safe to use for all patients and blood has a shelf life of 35 days, so stocks need to be continually replenished, the NHS said. 

Eight per cent of the population have type O-negative but it comprises about 15% of hospital orders. O-positive is the most common blood type, 35% of donors have it, and it can be given to anybody with any positive blood type. This means three in every four people, or 76% of the population, can benefit from an O-positive donation.

Andrew Hollister, CISO at LogRhythm, commented " The urgent call for O-type blood donations following the ransomware attack on Synnovis is proof of the dangerous and disruptive real-life consequences caused by cyberattacks.  The ongoing repercussions from this attack are a critical reminder that cyberthreats are not victimless crimes... "

"Healthcare organizations need to treat this attack as an urgent reminder to prioritize the cybersecurity of not only their own systems but also of any third-party providers they are using."
  
"Keeping ahead of sophisticated risks requires organizations to do the basics well including patching, backups, and implementing two factor authentication everywhere possible... One hundred percent security is not possible, but organizations should seek to reduce the risk as much as possible considering the consequences of a successful compromise...

"Failure to take action risks the well-being of individuals that rely on essential services and no industry is safe." Hollister said.

Blood.UK   |   BBC   |   Guardian   |   Sky   |   Standard   |    Londra Gazete

Image: Anna Shvetsa

You Might Also Read: 

Spanish Healthcare Service Works On Resilience:

DIRECTORY OF SUPPLIERS - Ransomware Protection:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Major AI Threats Cyber Security Teams Must Deal With
Business Email Compromise Warning Signs »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

Axial

Axial

Axial Systems is one of the UK’s leading solution providers and systems integrators in network, security and services.

CCN-CERT

CCN-CERT

CCN-CERT is the Spanish national government computer security incident response centre.

Fidelis Security

Fidelis Security

Fidelis Security is a leading provider of extended threat detection and response (XDR) solutions for your security operations.

Pipeline Security

Pipeline Security

Pipeline is a leader in cybersecurity, offering comprehensive services to protect organizations from evolving threats.

Dazz

Dazz

Dazz is the cloud security remediation platform for smart security and development teams.

Nemstar

Nemstar

Nemstar is a specialist in Information Security & Cyber Training with over 25 years' industry experience.

RevealSecurity

RevealSecurity

RevealSecurity's TrackerIQ detects malicious activities in enterprise applications.

VC3

VC3

VC3 provides a full range of Information Technology Solutions and Services to hundreds of municipalities and organizations throughout the USA.

Pessimistic Security

Pessimistic Security

The team behind Pessimistic helps blockchain startups meet modern security challenges since 2017.

Cyber1

Cyber1

CYBER1 is a leader in cyber security advisory and solutions. We are uniquely placed to help customers achieve cyber resilience and thus, safeguard reputation and value.

Tarlogic

Tarlogic

Tarlogic works to protect and defend your security with the highest quality technical team with next generation solutions to achieve the best protection.

Collabera Digital

Collabera Digital

Collabera Digital engineer the next generation of solutions that power tech-forward organizations and create an impact on people and communities.

Increase Your Skills (IYS)

Increase Your Skills (IYS)

Armed and ready: raise awareness of cyberattacks in your company with the Full-Service Awareness Platform from IYS – fast and effective. We help you develop a robust, sustainable security strategy.

Lintu Solutions

Lintu Solutions

Lintu Solutions is a trusted provider of comprehensive cybersecurity and enterprise risk management solutions.

Velaspan

Velaspan

Velaspan design, deploy, and manage enterprise wireless networks and cybersecurity solutions for leading businesses and brands.