London Hospitals Face Major Disruptions After Cyberattack
Several major hospitals in London have been crippled by a cyberattack, Britain’s National Health Service said, causing surgical procedures to be canceled, disrupting blood transfusions and forcing patients to be diverted.
A ransomware cyberattack on Synnovis, an organization that manages blood transfusions and other services, on Monday had significantly disrupted the delivery of services at King’s College and Guy’s and St. Thomas’ hospital trusts, which run several major hospitals. The attack has also caused disruptions to primary care offices in southeast London.
“Unfortunately, some operations and procedures, which rely more heavily on pathology services, have been postponed, and blood testing is being prioritized for the most urgent cases, meaning patients have had phlebotomy appointments canceled,” the health service said on Wednesday. Emergency services were open as usual, the statement added.
Mark Dollar, the chief executive of Synnovis, said on Tuesday that the company was working to understand the impact of the attack on its pathology services and to minimize disruption. “It is still early days and we are trying to understand exactly what has happened,” he said in a statement.
Ciaran Martin, a former head of British cybersecurity, told BBC Radio 4 on Wednesday that a Russian cybercriminal group known as Qilin was most likely behind the attack.
“It’s the more serious type of ransomware, where the system just doesn’t work,” Mr. Martin said. “If you’re working in health care in this trust, you’re just not getting those results, so it’s actually seriously disruptive.”
The attack highlights cybersecurity risks for the N.H.S., which has previously come under criticism for having software that is vulnerable to malware and ransomware. Just a few weeks ago, cybercriminals attacked an N.H.S. trust in Dumfries and Galloway in Scotland, gaining access to a large volume of patient data, though appointments and other health care services were not interrupted there.
The most wide-scale attack on the N.H.S. was the 2017 WannaCry attack, a ransomware attack that affected organizations in nearly 100 countries, including more than a third of the N.H.S. trusts. The health service was forced to cancel nearly 20,000 hospital appointments and operations, and diverted patients from five emergency departments that were unable to treat them. The previous year, the Northern Lincolnshire and Goole N.H.S. Foundation Trust was also hit by ransomware attacks, according to a report from Britain’s National Audit Office.
There has been a rise in ransomware crime over the last few years around the world, in the public and private sectors, said Joe Devanny, a lecturer at King’s College London who focuses on cybersecurity. Health-care services are particularly vulnerable. Cybersecurity in those settings may be weaker because of budget constraints. Cybercriminals also perceive health-care providers as targets that may pay the ransom, given that so much is at stake when their services are taken offline.
“It’s not surprising that it happened, it’s not surprising it was being reported as a Russian group and it’s not surprising it’s health-care related,” Mr. Devanny said.
The Russian group that was suspected in the attack would have been well-known to British law enforcement officials, since it has carried out other attacks in Britain in recent years, he said.
The British government said last year that the N.H.S. was much better prepared for ransomware attacks than it was in 2017, with 21 million malicious emails blocked every month. Last year, the government laid out a new strategy that it said would help protect the health service by 2030, including by offering cybersecurity training to its work force.
Recovering from cyberattacks can take weeks or months. A criminal group attacked the British Library, the country’s national library, in late October, preventing scholars from accessing its online systems, including email. The criminal group also stole data, which it later tried to auction online.
Eight months later, the British Library, whose collection includes two of the four surviving copies of Magna Carta, is still working to recover from the attack. Other organizations that have experienced similar attacks have taken over a year to fully restore operations, the library said.
