London (Parliament News) – A Russian ransomware group attacked Synnovis, disrupting London hospitals and causing 1,600 cancellations. NHS England is investigating leaked data, highlighting healthcare sector vulnerabilities and the urgent need for improved cybersecurity.
Data from a ransomware invasion has allegedly been published online weeks after the attack ceased operations and tests in major London hospitals, NHS England has stated.
Who is behind the ransomware attack on Synnovis?
A Russian group undertook the cyber-attack on Synnovis, a private pathology company that analyses blood tests for Guy’s and St Thomas’ NHS Foundation Trust (GSTT) and King’s College trust, on 3 June, causing hospitals in the capital to withdraw almost 1,600 operations and outpatient appointments.
NHS England stated on Friday it had “been made aware that the cyber-criminal group posted data last night which they are arguing belongs to Synnovis and was stolen as part of this attack. We know how worrying this development may be for many people. We are taking it very seriously.” In the episode, hackers from the Russian-based ransomware criminal company Qilin infiltrated Synnovis’s IT system and shut the computer system by encrypting its files to exact a payment for restoring access. The trusts have agreements with Synnovis totalling just under £1.1bn for services that are essential to the smooth running of the NHS.
Qilin posted 104 files, with each having 3.7GB of data, on a messaging platform. The post is crowned with an image of the Synnovis logo, a description of the business and a link to its website.
What is NHS England’s response to the data leak?
NHS England expressed that analysis of the data was underway involving the National Cyber Security Centre and other members to confirm whether the data was assumed from Synnovis’s systems and what information it contained. Typically, the discharge of stolen data by ransomware gangs is a signal that Synnovis has not made a payment – usually required in the cryptocurrency bitcoin – for the decryption of its programs or deletion of taken files.
Why are London hospitals vulnerable to ransomware attacks?
Don Smith, the vice president of threat research at SecureWorks, a cybersecurity firm, expressed the attack had highlighted the exposure of the health sector because its troves of data make it a premium target. The Qilin attack tracks a hack on the NHS Dumfries and Galloway health committee where patient data was stolen. He stated: “It follows closely in the wake of attacks on the NHS in Dumfries and Galloway and underlines that this sector, which is incredibly rich in data, must be protected.”
How many hospital operations were cancelled due to the attack?
When the hack started, seven hospitals operated by two NHS trusts experienced serious trouble with their services, including cancelling or moving elective procedures. Two major acute hospital trusts in London delayed 832 surgical procedures, including cancer surgery and organ transplants among others, between 3 June and 9 June.
The trouble affected hospitals including Guy’s, St Thomas’ and King’s College, as well as the Evelina Children’s hospital, Royal Brompton, the Harefield specialist heart and lung hospitals and the Princess Royal Hospital in Orpington.