Cybercriminals have caused chaos at several major London hospitals by launching a ransomware attack on pathology firm Synnovis. This attack occurred on June 3, affecting the firm’s ability to provide services such as organ transplants at sites across central and southeast London. In response, the cyber gang Qilin has published approximately 400 gigabytes of stolen data, including patient information and financial data related to Synnovis. While it is unclear if test results have been shared, the group had previously threatened to release the data if they were not paid.
Public bodies, including the National Health Service, the National Crime Agency, and the National Cyber Security Centre, are currently investigating the ransomware attack. NHS England has stated that they are working with Synnovis and their partners to determine the content of the published files and whether they relate to NHS patients or not. Hospitals are still struggling to recover from the attack, with Synnovis unable to process most blood tests. While progress is being made to restore services, it is expected to take weeks, rather than days, to fully recover.
CEO Mark Dollar of Synnovis has assured that a comprehensive plan is in place to restore services while a forensic investigation is ongoing. Resources are being dedicated to ensure the restoration process is successful, with support from colleagues and partners. Cybersecurity experts, including Saira Ghafur from Imperial College London, have noted that this attack is one of the most significant cyber attacks on the NHS. The impact on patient care is expected to be severe and ongoing for a couple of weeks.
The attack has affected several prominent hospitals in London, including King’s College Hospital, Guy’s Hospital, and St Thomas’s Hospital. St Thomas’s gained international attention during the pandemic for treating former Prime Minister Boris Johnson for Covid-19. As investigations into the ransomware attack continue, efforts to restore services and secure patient data are being prioritized. The release of patient information by cybercriminals has raised concerns about data security and patient privacy, prompting increased vigilance and cybersecurity measures within the healthcare industry. The aftermath of this cyber attack serves as a reminder of the potential threats posed by cybercriminals to critical infrastructure and patient care systems.
