14TH JUN 2024
NHS England announced today that a ransomware attack on Synnovis has severely impacted multiple London hospitals, leading to the cancellation of hundreds of planned operations and appointments.
Synnovis, formerly known as Viapath, was established in 2009 as GSTS Pathology and rebranded in October 2022. The organization operates as a partnership between SYNLAB UK & Ireland, Guy's and St Thomas' NHS Foundation Trust, and King's College Hospital NHS Foundation Trust.
The Synnovis ransomware attack, attributed to the Qilin operation, has locked the hospital services provider out of its systems, leading to an "ongoing critical incident."
The Synnovis ransomware attack, which occurred on June 3, has caused significant disruptions in medical services at:
Guy's and St Thomas' NHS Foundation Trust
King's College Hospital NHS Foundation Trust
Primary care providers across South East London
According to internal memos from hospital officials, the incident has had a "major impact" on procedures and operations, including blood transfusions and blood testing. Despite this, NHS representatives have assured that emergency services such as A&E, urgent care centers, and maternity departments remain operational. However, some procedures dependent on pathology services have been suspended.
On Friday, NHS London revealed the extensive nature of the ransomware attack, noting that it could take months for Synnovis to fully restore its systems. "Data for the first week after the attack (3-9 June) indicates that more than 800 planned operations and 700 outpatient appointments at the two most affected trusts had to be rearranged," NHS officials stated.
Synnovis is actively working on the technical recovery of its systems, with plans to restore some functionality in the coming weeks. However, full restoration will take time, and disruptions from the cyber incident are expected to continue for several months.
In addition, NHS Blood and Transplant (NHSBT) issued a warning on Monday about blood shortages in London hospitals, particularly for O-positive and O-negative blood. These blood types are crucial for urgent operations and procedures where patients cannot afford delays.
"We fully recognize the distress that any delays in care can cause for our patients and their families, and we are very sorry for this," said Professor Ian Abbs, Chief Executive of Guy's and St Thomas' NHS Foundation Trust, and Professor Clive Kay, Chief Executive of King's College Hospital NHS Foundation Trust in a joint statement. They urged patients to attend their appointments as scheduled unless contacted otherwise.
While the Qilin ransomware group’s dark web leak site briefly went offline after the attack, it has since resumed operations. The group has not yet claimed responsibility for the Synnovis breach. The Qilin operation, which rebranded from "Agenda" in August 2022, has been linked to over 130 victims since its emergence. Known for double-extortion tactics, the alleged Russian cybercrime group pressures companies by stealing data before encrypting systems and demanding ransoms ranging from $25,000 to millions of dollars.
The NHS continues to monitor the situation closely as recovery efforts progress.
Ransomware attacks usually involve clicking on an insecure link that is part of an elaborate social engineering technique. It is recommended that employees working in the healthcare industry go through cybersecurity awareness training to learn behaviors and best practices against cyber attacks in the future.
