Russian cyber criminals behind hospital ransomware attack

5 June 2024, 17:34

King’s College Hospital
King’s College Hospital. Picture: PA

Several London hospitals declared a critical incident, cancelled operations and tests, and were unable to carry out blood transfusions.

A Russian group of cyber criminals is behind the ransomware attack affecting major London hospitals.

The PA news agency understands the group called Qilin is behind the attack on the pathology firm Synnovis, which has severely affected operations, tests and blood transfusions in the capital.

Earlier, former chief executive of the National Cyber Security Centre Ciaran Martin said the incident had led to a “severe reduction in capacity” and “it’s a very, very serious incident”.

Memos to NHS staff at King’s College Hospital, Guy’s and St Thomas’ (including the Royal Brompton and the Evelina London Children’s Hospital) and primary care services in London said a critical incident had been declared.

Asked on BBC Radio 4’s Today programme if it is known who attacked Synnovis, Mr Martin said: “Yes. We believe it is a Russian group of cyber criminals who call themselves Qilin.

“These criminal groups – there are quite a few of them – they operate freely from within Russia, they give themselves high-profile names, they’ve got websites on the so-called dark web, and this particular group has about a two-year history of attacking various organisations across the world.

“They’ve done automotive companies, they’ve attacked the Big Issue here in the UK, they’ve attacked Australian courts. They’re simply looking for money.”

He said it is “unlikely” the Russian hackers would have known they would cause such serious primary healthcare disruption when they set out to do the attack.

He added: “There are two types of ransomware attack. One is when they steal a load of data and they try and extort you into paying so that isn’t released, but this case is different. It’s the more serious type of ransomware where the system just doesn’t work.

“So, if you’re working in healthcare in this trust, you’re just not getting those results so it’s actually seriously disruptive.

“This type of ransomware has affected healthcare all over the world.

St Thomas’ was among a number of London hospitals affected by the cyber attack (Trevor Mogg/Alamy/PA)

“It’s particularly damaging in the United States, and where this type of cyber attack is different in terms of its impact from others, is that it does affect people’s healthcare. So it’s really one of the more serious that we’ve seen in this country.”

He said the Government has a policy of not paying but the company would be free to pay the ransom if it chose to.

Regarding patient data, he said: “It’s not really a question of data in this one, it’s a question of the services.

“The criminals are threatening to publish data, but they always do that. Here the priority is the restoration of services.”

Synnovis is a provider of pathology services and was formed from a partnership between SynLab UK & Ireland, Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust.

Some procedures and operations at the hospitals have been cancelled or have been redirected to other NHS providers as hospital bosses establish what work can be carried out safely.

NHS officials said they are working with the National Cyber Security Centre to understand the impact of the attack.

Synnovis said the incident has been reported to law enforcement and the Information Commissioner.

Sunday with Laura Kuenssberg
Health Secretary Victoria Atkins said patient safety is her ‘absolute priority’ (Lucy North/PA)

Health Secretary Victoria Atkins said on Wednesday that her “absolute priority is patient safety”.

On social media site X, formerly Twitter, Ms Atkins wrote: “Throughout yesterday I had meetings with NHS England and the National Cyber Security Centre to oversee the response to the cyber attack on pathology services in south-east London.

“My absolute priority is patient safety and the safe resumption of services in the coming days.”

An NHS London spokesperson said: “The ransomware cyber attack on Synnovis is continuing to cause disruption to services at Guy’s and St Thomas’ NHS Foundation Trust, King’s College Hospital NHS Foundation Trust, and primary care providers in south-east London.

“All urgent and emergency services remain open as usual and the majority of outpatient services continue to operate as normal.

“Unfortunately, some operations and procedures which rely more heavily on pathology services have been postponed, and blood testing is being prioritised for the most urgent cases, meaning patients have had phlebotomy appointments cancelled.

“We are sorry to all patients impacted and NHS staff will work hard to re-arrange appointments and treatments as quickly as possible.

“NHS England has deployed a cyber incident response team, which is working round the clock to support Synnovis and provide emergency guidance, as well as co-ordinating with health services across the capital to minimise disruption to patient care.”

One cyber security expert said that the service may need to re-run some tests as it may not be possible to know whether any stored data had been manipulated by the hackers.

John Clark, professor of computer and information security at the University of Sheffield, said: “Patient safety is of paramount concern and the accuracy of results is essential, so it is important to stress that unless it is known what has happened to the system, the accuracy of any stored data cannot be ensured.

“Determining whether stored data has been manipulated may simply not be possible and tests may have to be rerun and results re-recorded.”

The Health Service Journal (HSJ) reported one senior NHS manager saying: ”It’s everyone’s worst nightmare.

“The difficulty will be that when you have total system downtime, the volumes of tests will be huge. Even if you could transport samples around London to other labs how would you get the results back as they are not integrated in that way?

“Urgent tests will have to be managed onsite. They will no doubt be asking GPs to send urgent tests only, to manage volumes.”

Another source told the HSJ the attack presented a huge problem for urgent and emergency care at the hospitals as they would not be able to access quick-turnaround blood test results.

Synnovis said on Wednesday it was unable to comment further on the attack.

Company chief executive Mark Dollar said a taskforce of IT experts from Synnovis and the NHS was working to fully assess the impact and what action is needed.

“Regrettably, this is affecting patients, with some activity already cancelled or redirected to other providers as urgent work is prioritised, ” he said.

One patient, Oliver Dowson, 70, was prepared for an operation from 6am on Monday June 3 at the Royal Brompton Hospital when he was told by a surgeon at about 12.30pm that it would not be going ahead.

He told PA: “The staff on the ward didn’t seem to know what had happened, just that many patients were being told to go home and wait for a new date.

“I’ve been given a date for next Tuesday and am crossing my fingers – it’s not the first time that they have cancelled, they did it on May 28 too, but that was probably staff shortages in half-term week.”

Vanessa Welham, from Streatham, south-west London, said her husband’s blood test at Gracefield Gardens health centre was cancelled on Monday evening and he was informed that local centres were not taking bookings for an “indefinite period of time”.

According to the HSJ, one senior source said gaining access to pathology results could take “weeks, not days”.

By Press Association

More Technology News

See more More Technology News

A person holds an iphone showing the app for Google chrome search engine

Apple and Google ‘should face investigation over mobile browser duopoly’

A Google icon on a smartphone

Firms can use AI to help offset Budget tax hikes, says Google UK boss

Icons of social media apps, including Facebook, Instagram, YouTube and WhatsApp, are displayed on a mobile phone screen

Growing social media app vows to shake up ‘toxic’ status quo

Will Guyatt questions who is responsible for the safety of children online

Are Zuckerberg and Musk responsible for looking after my kids online?

Social media apps on a phone

U16s social media ban punishes children for tech firm failures, charities say

Google shown on a smartphone

US Government proposes forcing Google to sell Chrome to break-up tech empire

The logo for Google's Gemini AI assistant

Google’s Gemini AI gets dedicated iPhone app in the UK for the first time

Facebook stock

EU fines Meta £660m for competition rule breaches over Facebook Marketplace

A phone taking a photo of a phone mast

Government pledges more digital inclusion as rural Wales gets phone mast boost

Social media apps displayed on a mobile phone screen

What is Bluesky and why are people leaving X to sign up?

Someone types at a keyboard

Cyber security chief warns Black Friday shoppers to be alert to scams

MPs

Ministers pressed on excluding Chinese firms from UK’s genomics sector

Child with mobile phone stock

Specially designed smartphone for children launches in the UK

Roblox on a laptop

Children’s gaming platform Roblox makes ‘major update’ to parental controls

An offshore wind farm

Government launches competition to find AI solutions to boost UK clean energy

A Google logo on the screen of a mobile phone

Google partnership with Anthropic AI cleared by competition watchdog