In June 2024, a ransomware attack on Synnovis, a critical pathology and diagnostics provider in London, crippled key services in several NHS hospitals. The attack caused widespread operational disruptions and raised serious concerns about the security of healthcare systems reliant on third-party service providers. This incident highlights the fragility of healthcare infrastructure when targeted by sophisticated ransomware groups, such as Qilin, and underscores the urgent need for enhanced cybersecurity measures across the healthcare industry. Take a look at the aftermath of the attack.
The attack: what happened?
The ransomware attack on Synnovis began on June 3, 2024, impacting major NHS hospital trusts such as Guy’s and St. Thomas’ and King’s College. Synnovis, which provides critical diagnostic services, including blood tests, became the target of the Qilin ransomware group. The attack led to an immediate IT system failure, halting the processing of thousands of blood samples and diagnostic tests. Hospitals were forced to cancel over 800 surgeries and 700 outpatient appointments, including 97 crucial cancer treatments, and reschedule several other procedures, such as C-sections.
The consequences for patient care were immense, with the pathology services reduced to just 10% of their normal capacity. Without access to digital records or test results, hospitals struggled to maintain their regular services. Blood transfusions became a critical area of concern, with the NHS appealing for blood donors as they faced a severe shortage. The hospitals had to prioritize only the most urgent cases, while less critical patients were redirected to other facilities.
The data breach from the ransomware attack
Beyond the operational disruptions, the attack led to the leak of sensitive personal data belonging to nearly a million individuals. The stolen data, published on a dark web leak site, included patient names, NHS numbers, birth dates, and detailed medical records, such as histology tests and results related to intimate conditions like cancer or sexually transmitted infections. Qilin, a Russian-linked cybercriminal group, was identified as the attacker behind this large-scale breach.
Synnovis responded by obtaining a preliminary injunction from the English High Court to prevent the further publication of the stolen data. The data breach raised significant concerns over patient privacy, with healthcare providers now facing legal, ethical, and regulatory challenges in protecting sensitive patient information. Though some platforms like Telegram complied by removing channels linked to the ransomware group, the larger issue of containing data leaks remains a serious challenge in such cyberattacks.
Operational challenges post-attack
The attack placed immense pressure on NHS hospitals, which were already operating under the strain of high patient loads. Medical staff, accustomed to using sophisticated IT systems for managing patient data, were forced to revert to manual processes. Recording diagnostic results on paper slowed down operations and increased the risk of human error. The ripple effects were felt across various departments, leading to further delays in patient care and treatment.
In an effort to mitigate these operational challenges, hospitals called upon medical students to volunteer for extended shifts. These volunteers played a crucial role in helping to keep essential services running by stepping into roles that involved managing manual workflows and assisting with critical pathology processes. Despite their contributions, the overall service capacity was still severely reduced, and hospitals remained under significant strain.
Cybersecurity gaps in healthcare
The Synnovis attack exposed significant vulnerabilities within healthcare IT systems, especially when dependent on third-party service providers. Hospitals, like many other critical infrastructure sectors, have long relied on patchwork IT systems, often integrating legacy technologies with newer digital platforms. This makes them prime targets for cybercriminals, as outdated systems are more vulnerable to exploitation. The complexity of managing healthcare systems across diagnostics, pathology, and clinical management adds further layers of risk.
Healthcare providers have historically been favored targets for ransomware groups, given the high stakes involved in patient care. Cybersecurity experts have noted that while data theft is often one motive, the primary goal of such attacks is to paralyze services to the point where the victims may consider paying a ransom to restore operations. However, the NHS, much like other UK healthcare entities, has a strict policy of not paying ransoms, which forces the organization to navigate through the aftermath without giving in to extortion attempts.
The Synnovis ransomware attack was a stark reminder of the increasing cyberthreats facing the healthcare industry. The disruption it caused to vital hospital services, along with the exposure of sensitive patient data, highlights the need for stronger, more proactive cybersecurity strategies within healthcare institutions. The aftermath of the attack also serves as a call for healthcare providers to invest in cutting-edge cybersecurity tools and rethink their reliance on third-party service providers, which are becoming an increasingly vulnerable link in the chain.