London Hospitals Postpone Some Operations After Cyberattack
Some of Britain’s most prestigious hospitals are postponing operations after a ransomware cyberattack hit a provider that helps manage blood transfusions.
Certain procedures that rely more heavily on pathology services have been delayed, with blood testing being prioritized for the most urgent cases, the National Health Service said Wednesday. The attack on lab services provider Synnovis has chiefly affected patients using Guy’s and St Thomas’ Hospital, King’s College Hospital as well as primary care in southeast London.
NHS England has deployed a cyber incident response team “to support Synnovis and provide emergency guidance, as well as coordinating with health services across the capital to minimize disruption to patient care,” a spokesperson said.
The full extent of the attack as well as the impact upon data is not yet known.
Umar Wali, a consultant trauma surgeon with King’s College Hospital, told Bloomberg News that most elective procedures had been canceled, but major trauma and emergency surgery was continuing.
UK public bodies have spent more than £1 billion ($1.3 billion) on lab services provided by Synnovis since 2016, according to data company Tussell.
A spokesman for the Driver and Vehicle Licensing Agency, which has used Synnovis for blood alcohol testing, said the agency has been in touch with the provider for reassurance and implemented additional security controls, but has not experienced any impact from the ransomware attack. Representatives for East Kent Hospitals University NHS Foundation Trust and East Sussex Healthcare NHS Trust also said services have not been impacted by the attack.
Synnovis didn’t immediately respond to requests for comment.
Health-care providers globally are increasingly targeted by hackers, who lock employees out of crucial systems or threaten sensitive patient data in a high-stakes gambit for ransoms. A unit of insurer UnitedHealth Group Inc. faced a cyberattack in February that paralyzed much of the US health-care system. A gang of Russian-speaking cybercriminals targeted the Barts Health NHS Trust, whose hospitals care for about 2.5 million people, in July.
Synnovis is a partnership between the company Synlab UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust. This ransomware attack is the third to hit Synlab AG in the last 12 months. In June 2023, Synlab said its French branch was hit by attacker group Clop. In April this year, a cyberattack paralyzed the group’s Italian operation.
The Russian ransomware group known as Qilin appears to be behind the attack, Ciaran Martin, the former chief executive officer of the UK’s National Cyber Security Centre, told the BBC. In an unusual move, the gang didn’t list Synnovis among its victims on its dark web extortion website, which disappeared from the internet Wednesday.
The reason for the disappearance wasn’t immediately clear. Such outages have occurred when ransomware gangs shift their operations to different web services, or during law enforcement actions.
Qilin previously posted 112 victim organizations, largely from the technology sector, on its website, according to the cyber firm Group-IB.
Top photo: National Health Service branding on laboratory coats at Guy’s and St Thomas’s Hospital is London, UK, on Thursday, May 25, 2023. Britain is “absolutely open for business in really high-value science and technology industries,” Chloe Smith, UK science, innovation and technology secretary said, during an interview, citing the case of Oxford Nanopore, that made one of the UK’s best-ever market debuts in 2021.