June 5th – On Monday, hospitals in London declared a major IT incident, which proved to be a ransomware attack.
In the immediate aftermath, memos were sent to the staff at King’s College hospital, Guy’s and St Thomas’ (including the Royal Brompton and Evelina London children’s hospital) and primary care service providers across London.
The issue stemmed from a breach of Synnovis, a provider of pathology services, and applied to all healthcare entities partnered with Synnovis.
A tremendous impact
Providers were forced to cancel operations, sending patients home and instructing them to standby for a new appointment.
Blood tests were cancelled and blood transfusions – lifesaving measures in some cases or interim reprieves from the pain of health conditions – were also cancelled.
Access to pathology results was also disrupted, and one senior source notes that regaining access may take weeks, not days.
Expert analysis
“We’ve had several NHS attacks…” in the past, says Check Point CISO Deryck Mitchelson.
“We need to be much more rigid in our defense. We need more investment in our cyber defenses. We need much more investment in our talent and our engineers and people that are going to prevent these attacks…We need more investment in our back-office technology that underpins the health system,” he continued.
“As well as securing itself, the NHS needs to do a better job of securing its supply chain…because that could be its weakest link,” Mitchelson observed.
Incident response
A spokesperson from Synnovis shared that the company had deployed a “taskforce of IT experts” to fully investigate the incident.
The NHS is also working in partnership with the National Cyber Security Centre (NCSC) in order to comprehend and respond to the ordeal. The NHS has also apologized for the inconvenience.
“Whoever forms the next government needs to make sure that…lives are not put at risk,” says cyber security professional Steve Sands, of the Chartered Institute for IT.
Further information
According to The Guardian, experts believe that Russian cyber criminals were behind the attack. It appears that the hackers very intentionally caused this type of massive primary healthcare disruption.
All public sector organizations are advised to have contingency plans in-place for the purpose of contending with a cyber attack. Such organizations are also advised to train staff around cyber risks and to invest in software that can strengthen security and resilience.
For further insights into the situation in London, please click here. For more on healthcare and cyber security, please see CyberTalk.org’s past coverage.
Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.