Services disrupted as London hospitals hit by cyber-attack | NHS
[ad_1]
Major NHS hospitals in London have been affected by a cyberattack that has severely disrupted their services, including blood tests and blood transfusions.
Ransomware attack has ‘major impact’ on care provided at Guy’s and St Thomas’ NHS trust, its chief executive officer told staff in a letter.
The attack is understood to have affected other hospitals, including King’s College Hospital, and left them unable to connect to the servers of the private firm that provides their pathology services.
Synnovis, an outsourced provider of laboratory services to NHS trusts in south-east London, was the target of an attack believed to be a form of ransomware, a piece of software that locks up a computer system to extort payment to restore access.
According to one health worker, laboratories are still functioning, but communication with them is limited to paper only, creating a huge bottleneck and forcing the cancellation or rescheduling of all but the most urgent blood tests. Direct connections to Synnovis servers have been severed to limit the risk of the infection spreading.
Increasingly, ransomware attacks also involve the exfiltration of sensitive data with the threat of publishing the hacked information if payment is not made.
This is the third attack in the past year affecting part of the Synlab group, a German medical services provider with subsidiaries across Europe. In June 2023, the Clop ransomware gang hacked and stole data from the company’s French branch in just days after hitting the headlines to remove a payroll provider for companies including BA, Boots and the BBC. Klopp released the stolen data later in the summer.
In April of this year, Synlab’s Italian affiliate was hit by a different ransomware group called “Black Basta.” In this attack, the group stole 1.5TB of data and republished it without a ransom being paid.
Synnovis and Synlab UK have been contacted for comment.
Healthcare is a popular target internationally for ransomware gangs. Underinvestment in IT can leave systems vulnerable to attack, while the risk to patient health means many providers are eager to restore services as quickly as possible, regardless of the cost.
If data is stolen, it is usually particularly sensitive, and many healthcare providers are explicitly or effectively supported by the state, giving them access to emergency funds.
In the UK, however, there is growing pressure from security services to prevent public and private sector organizations from paying ransoms. After the British Library was hit by a malicious hack in October 2023, it reiterated that it “has not made any payments to, or engaged in any way with, the criminal individuals responsible for the attack”.
“Ransomware gangs considering future attacks like this against publicly funded institutions should be aware that UK national policy, as set out by the NCSC [National Cyber Security Centre]it is unequivocally clear that no such payments should be made’ the library said in an incident report earlier this year.
[ad_2]